CVE-2024-8750

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Sep 12, 2024
Updated: Sep 18, 2024
CWE ID: 79

Summary

CVE-2024-8750 is a Cross-site Scripting (XSS) vulnerability affecting idoit pro version 28. Because specific parameters are inadequately sanitized, attackers can access session details of authenticated users. The impacted products include idoit pro and its associated components. Remediation involves properly sanitizing the vulnerable parameters (id, lang, mNavID, name, pID, treeNode, type, view) to prevent exploitation. The vulnerability is classified as medium severity, with an exploitability score of 2.8; it requires low privileges and no user interaction, and can compromise confidentiality and integrity to a limited extent. Organizations using the affected software should prioritize addressing this issue to mitigate the risk of unauthorized access to user session information.
