CVE-2024-8605

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 9, 2024
Updated: Sep 13, 2024
CWE ID 79

Summary

CVE-2024-8605 is a cross-site scripting (XSS) vulnerability in the Inventory Management 1.0 application, specifically in the registration form located in the file /view/registration.php. The flaw allows attackers to execute scripts remotely by manipulating input fields, for example with the payload <script>alert(1)</script>. The vulnerability has been publicly disclosed and presents a medium-level threat, with an exploitability score of 2.8; successful exploitation requires user interaction. To remediate this issue, developers should implement proper input sanitization in the affected components to neutralize malicious script inputs. Organizations using this software may face risks of data integrity compromise and unauthorized access if the vulnerability is not addressed promptly.
