CVE-2024-55452

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 16, 2024

Updated: Dec 17, 2024

CWE ID 601

Summary

CVE-2024-55452 is a URL redirection vulnerability discovered in UJCMS 9.6.3. This issue arises due to insufficient URL validation in the handling of new block and carousel items. Authenticated attackers can exploit this vulnerability by crafting malicious URLs, which if clicked by an unprivileged user, will redirect them to an attacker-controlled webpage. This redirection exposes users to potential phishing attacks, where sensitive tokens, including JSON Web Tokens, can be stolen. Authenticated users, upon clicking the malicious block item, unknowingly visit the attacker's domains, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database