CVE-2024-54414
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-54414 is a newly identified vulnerability that chains Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting (XSS). It affects the Geoportail Shortcode, from an unknown version through 2.4.4. Successful exploitation would allow an attacker to inject malicious scripts that run in a user's browser, potentially leading to data theft or unauthorized actions. The CSRF component lets an attacker cause requests to be made within a user's authenticated session, while the Stored XSS component lets the attacker leave malicious code on the affected website, where it runs when unsuspecting users trigger it. Together, these weaknesses pose a significant risk to websites that use the Geoportail Shortcode.