CVE-2024-8366

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Aug 31, 2024
Updated: Sep 4, 2024
CWE ID 79

Summary

CVE-2024-8366 is a cross-site scripting (XSS) vulnerability in Pharmacy Management System version 1.0. It affects the /index.php?id=userProfileEdit component, which handles user profile updates. The component handles user input improperly, so an XSS attack is possible when parameters such as fname, lname, and email are manipulated to carry malicious scripts. The issue can be exploited remotely and requires user interaction to initiate; it poses a medium-level threat to organizations using this software, with an exploitability score of 2.8. To mitigate the risk, it is recommended that users sanitize and validate inputs to prevent script injection and implement security measures that restrict unauthorized access to vulnerable components. Given the potential for XSS attacks, organizations should prioritize addressing this vulnerability to protect their systems from exploitation.
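The input validation recommended above, paired with output encoding, can be sketched as follows. This is an added example, not code from Pharmacy Management System or its vendor; the function names, the character allow-list, and the length limits are assumptions, and the request data is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration: not code from Pharmacy Management System.
// Function names, allow-list and length limits are assumptions.

/** Validate the three profile fields; returns [clean values, errors]. */
function validateProfileInput(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['fname', 'lname'] as $field) {
        $raw = $post[$field] ?? '';
        // Reject non-string input such as fname[]=x instead of casting it.
        $value = is_string($raw) ? trim($raw) : '';
        // Allow-list: letters, combining marks, space, apostrophe, period, hyphen.
        if (preg_match("/^[\\p{L}\\p{M} '.\\-]{1,50}\\z/u", $value) === 1) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = 'Name contains characters that are not allowed.';
        }
    }
    $raw = $post['email'] ?? '';
    $email = is_string($raw) ? trim($raw) : '';
    if (strlen($email) <= 254 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $clean['email'] = $email;
    } else {
        $errors['email'] = 'Email address is not valid.';
    }
    return [$clean, $errors];
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request: markup in fname, valid lname and email.
$sample = [
    'fname' => '<script>alert(1)</script>',
    'lname' => "O'Neil",
    'email' => 'pat@example.com',
];
[$clean, $errors] = validateProfileInput($sample);

// Validation rejects fname; every value written into HTML is still encoded,
// so a value that slipped past validation would render as inert text.
echo '<input name="lname" value="' . e($clean['lname'] ?? '') . '">', PHP_EOL;
echo '<p class="error">' . e($errors['fname'] ?? '') . '</p>', PHP_EOL;
echo '<p>Submitted: ' . e($sample['fname']) . '</p>', PHP_EOL;
```

Encoding at the point of output is what neutralizes the script; the validation step narrows what is accepted and stored but should not be relied on alone.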
