CVE-2024-54409

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54409 is a newly disclosed vulnerability affecting the fzmaster component in XPD Reduce Image Filesize. This issue involves a Cross-Site Request Forgery (CSRF) weakness, which can lead to Stored Cross-Site Scripting (XSS) attacks. The CSRF flaw can be exploited to manipulate user sessions and perform unauthorized actions. The XPD Reduce Image Filesize application, from an unknown version up to 1.0, is impacted by this vulnerability. Successful exploitation could result in significant security risks for affected users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KK88V
https://www.cve.org/CVERecord?id=CVE-2024-54409
https://nvd.nist.gov/vuln/detail/CVE-2024-54409

Back to Vulnerability Database

CVE-2024-54409

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations