CVE-2024-8572
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-8572 identifies a vulnerability in Gouniverse GoLang CMS version 1.4.0, specifically affecting the PageRenderHtmlByAlias function in FrontendHandler.go, which can lead to cross-site scripting (XSS) when the alias argument is manipulated. This vulnerability can be exploited remotely and requires user interaction to execute an attack. Organizations using affected products should upgrade to version 1.4.1, where the issue is patched with commit 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c, to mitigate risks associated with this vulnerability. The CVSS score for this vulnerability is classified as medium (6.1), indicating a low integrity and confidentiality impact but requiring caution due to the potential for exploitation via network vectors. Failure to address this vulnerability may expose organizations to threats that could compromise their web applications and user data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.