CVE-2024-54431

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54431 is a newly disclosed vulnerability affecting Mohamed Riyaz Admin Customization. This issue combines Cross-Site Request Forgery (CSRF) and Stored XSS (Cross-Site Scripting) vulnerabilities. An attacker exploiting the CSRF weakness could manipulate users into performing unintended actions on the affected system. Meanwhile, the Stored XSS flaw enables an attacker to inject and execute malicious scripts on the victim's browser, posing a significant threat to data confidentiality and potentially leading to unauthorized account takeovers. The vulnerability spans from an unspecified version up to 2.2 of Admin Customization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KK9s-
https://www.cve.org/CVERecord?id=CVE-2024-54431
https://nvd.nist.gov/vuln/detail/CVE-2024-54431

Back to Vulnerability Database

CVE-2024-54431

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations