CVE-2024-54429

Summary

CVE-2024-54429 is a newly disclosed vulnerability that impacts the Ivan Ovsyannikov Aphorismus application. This issue combines a Cross-Site Request Forgery (CSRF) weakness with the potential for Stored Cross-Site Scripting (XSS). The CSRF vulnerability allows unauthorized users to perform malicious actions on behalf of authenticated users. Moreover, the Stored XSS component enables attackers to inject malicious scripts that can persist even after the user logs out and revisits the site. Affected versions of Aphorismus span from n/a to 1.2.0. It is crucial that users upgrade to the latest, secure version as soon as possible to mitigate the risks associated with this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.