CVE-2024-57428
CVSS 3.1 Score 9.3 of 10 (high)
Details
Summary
CVE-2024-57428 is a stored cross-site scripting (XSS) vulnerability affecting the PHPJabbers Cinema Booking System v2.0. The issue arises due to insufficient input validation in file upload fields, namely event_img and seat-maps, and seat number configurations (number[new_X] in pjActionCreate). Malicious actors can exploit this vulnerability to inject persistent JavaScript code. Consequences of such an attack include phishing, malware injection, and session hijacking. This weakness poses a significant risk to users interacting with the Cinema Booking System and emphasizes the importance of proper input validation measures.
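Defensive handling of the fields named in the summary, as an added example (not PHPJabbers code and not taken from the advisory). The seat-label pattern, the image allow-list and all function names are assumptions made for illustration, and because the summary does not say which part of an upload is stored and rendered, the example discards the client-supplied file name entirely.

```php
<?php
declare(strict_types=1);

// Assumption: seat labels are short alphanumerics such as "A12" or "B-3".
const SEAT_LABEL = '/\A[A-Za-z0-9][A-Za-z0-9 \-]{0,7}\z/';
// SVG is deliberately absent: it is an image type that can carry script.
const IMAGE_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Encode any stored value at the point it is written into HTML. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Split submitted number[...] values into accepted labels and rejected keys. */
function filter_seat_numbers(array $numbers): array
{
    $ok = []; $rejected = [];
    foreach ($numbers as $key => $label) {
        if (is_string($label) && preg_match(SEAT_LABEL, $label) === 1) {
            $ok[$key] = $label;
        } else {
            $rejected[] = $key;
        }
    }
    return [$ok, $rejected];
}

/** Return a server-generated file name for an allowed image, or null. */
function stored_image_name(string $tmpPath): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(IMAGE_TYPES[$mime])) {
        return null;
    }
    // The client-supplied file name is never stored or echoed back.
    return bin2hex(random_bytes(16)) . '.' . IMAGE_TYPES[$mime];
}

// Constructed sample input, not taken from the application.
[$ok, $rejected] = filter_seat_numbers([
    'new_1' => 'A12',
    'new_2' => 'A13"><script>alert(1)</script>',
]);
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, 'plain text posing as event_img');
var_dump($ok, $rejected, stored_image_name($tmp), e('A13"><b>'));
unlink($tmp);
```

Input validation narrows what can be stored, but the encoding step at output is what keeps an already-stored value from executing in a visitor's browser, so both belong in a fix. A real upload handler would also confirm the temporary file with is_uploaded_file() before moving it.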