CVE-2024-55239

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 18, 2024
Updated: Dec 25, 2024
CWE ID 79

Summary

CVE-2024-55239 is a newly identified Cross-Site Scripting (XSS) vulnerability affecting Portabilis i-Educar 2.9. The flaw lies in the documentation upload functionality, which fails to properly sanitize user input in the 'titulo_documento' parameter. An attacker can exploit this weakness by crafting malicious URLs containing arbitrary JavaScript code. Successful exploitation could lead to unauthorized code execution in the user's browser, potentially resulting in data theft or account takeover. Users are strongly advised to update to a patched version as soon as possible.
