CVE-2024-7016
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-7016 is a newly discovered Cross-site Scripting (XSS) vulnerability affecting Smarttek Informatics' Smart Doctor software. This issue permits attackers to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or unauthorized system access. The vulnerability exists in Smart Doctor up until version 21.11.2024, and the vendor has yet to respond to disclosure notices. This condition poses a significant risk to organizations using the affected software, as unpatched XSS vulnerabilities can be exploited to launch devastating attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.