CVE-2024-9089

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 23, 2024
Updated: Sep 27, 2024
CWE ID 79

Summary

CVE-2024-9089 is a cross-site scripting vulnerability identified in SourceCodester Modern Loan Management System version 1.0, specifically within the file update_loan_record.php. The flaw allows an attacker to manipulate the argument "amount," potentially leading to remote exploits with low complexity and minimal user interaction required. Affected organizations should remediate this vulnerability by applying updates or patches as they become available, and ensuring input sanitization in their web applications. The vulnerability poses a medium severity risk, with impacts on integrity and confidentiality rated as low. Exploitation of this issue may result in unauthorized actions being executed within the web application context.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share