CVE-2024-8604

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 9, 2024
Updated: Sep 10, 2024
CWE ID 79

Summary

CVE-2024-8604 is a medium-severity vulnerability in SourceCodester Online Food Ordering System 2.0, affecting the index.php file of the Create an Account Page component. The First Name and Last Name inputs are handled improperly, which allows cross-site scripting (XSS) attacks that can be launched remotely. Exploitation requires user interaction. Organizations using this software may face risks including unauthorized access to or manipulation of data. To remediate this issue, it is recommended to sanitize and validate all user inputs to prevent malicious scripts from being executed. Additionally, updating to a patched version of the affected software would further mitigate these risks.
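
The remediation above, sketched as an added PHP example (not code from the advisory or from the SourceCodester project): name fields are validated against an allowlist on input and HTML-encoded at every point where they are rendered. Output encoding is included because validation alone does not cover values that are already stored. The field names `first_name` and `last_name`, the helpers `validate_name()` and `h()`, and the sample submissions are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; first_name / last_name are assumed field names,
// not taken from the affected application's source.

/** Validate a name on input; returns the trimmed value or null if rejected. */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // Allowlist: starts with a letter, then letters, combining marks,
    // space, dot, apostrophe or hyphen; 1 to 64 characters in total.
    if (preg_match('/^\p{L}[\p{L}\p{M} .\'\-]{0,63}$/u', $name) !== 1) {
        return null; // reject instead of trying to "clean" the value
    }
    return $name;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['first_name' => 'Anne-Marie', 'last_name' => "O'Neil"],
    ['first_name' => '<script>alert(1)</script>', 'last_name' => 'Smith'],
];

foreach ($samples as $post) {
    $first = validate_name($post['first_name']);
    $last  = validate_name($post['last_name']);

    if ($first === null || $last === null) {
        // Rejected input is still encoded if it is echoed back in an error.
        echo 'Rejected: ' . h($post['first_name'] . ' ' . $post['last_name']) . PHP_EOL;
        continue;
    }

    // Accepted values are encoded again at render time, so records stored
    // before validation was introduced are also rendered as inert text.
    echo '<p>Welcome, ' . h($first . ' ' . $last) . '</p>' . PHP_EOL;
}
```

The apostrophe in the first sample is rendered as `&#039;`, and the second sample is rejected and echoed as inert text rather than markup.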
