CVE-2024-9007

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 19, 2024
Updated: Sep 25, 2024
CWE ID 79

Summary

CVE-2024-9007 is a cross-site scripting vulnerability found in version 1.8.4.5 of the 123solar application developed by jeanmarc77, specifically affecting the /detailed.php file due to improper input handling of the date1 argument. This vulnerability can be exploited remotely with a low level of authentication required, posing a medium risk to affected organizations as it may allow attackers to manipulate web content and execute malicious scripts in users' browsers. Users are advised to apply the patch identified by commit 94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f to remediate this issue promptly. The vulnerability has been publicly disclosed, increasing its potential for exploitation. Maintaining up-to-date software and applying security patches are critical measures for organizations to mitigate such vulnerabilities effectively.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share