CVE-2024-6511
CVSS 2.0 Score 4.0 of 10 (medium)
Details
Published Jul 4, 2024
Updated: Jul 5, 2024
CWE ID 79
Summary
CVE-2024-6511 is a newly disclosed vulnerability affecting RuoYi's Content-Type Handler component up to version 4.7.9. The function isJsonRequest holds the weakness, where manipulation of the HttpHeaders.CONTENT_TYPE argument can lead to cross-site scripting attacks. These attacks can be initiated remotely, making the vulnerability a significant security concern. The exploit has already been made public, increasing the risk for potential exploitation. The associated identifier for this vulnerability is VDB-270343.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share