CVE-2024-9198

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 26, 2024
Updated: Oct 2, 2024
CWE ID 79

Summary

CVE-2024-9198 is a stored Cross-Site Scripting (XSS) vulnerability in Clibo Manager version 1.1.9.1. An attacker can trigger it by uploading a malicious .svg image in the Profile > Profile picture section. This vulnerability affects products identified as 'y-KL4Z' and has a medium severity rating with a CVSS base score of 5.4, indicating a low level of required privileges and user interaction for exploitation. To remediate this issue, organizations should implement input validation and sanitization measures to prevent the upload of malicious files. The danger posed by this vulnerability is unauthorized execution of scripts that could compromise user data and session integrity, thereby affecting overall application security. More information can be found in vendor advisories, such as the one provided by INCIBE CERT.
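The input validation recommended above could look like the following for SVG profile pictures. This is an added example, not Clibo Manager or vendor code; the function names, the element allowlist and the sample uploads are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Constructed allowlist of static drawing elements; anything else is rejected.
ALLOWED = {"svg", "g", "path", "rect", "circle", "ellipse", "line", "polyline",
           "polygon", "text", "tspan", "defs", "title", "desc", "use",
           "linearGradient", "radialGradient", "stop", "clipPath", "mask"}
# Declarations an avatar never needs; the XML parser would silently drop or expand them.
FORBIDDEN_DECLS = (b"<!DOCTYPE", b"<!ENTITY", b"<?xml-stylesheet")

def split(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def check_svg(data: bytes) -> list:
    """Return a list of reasons to reject the upload; empty means accept."""
    if any(decl in data for decl in FORBIDDEN_DECLS):
        return ["DOCTYPE/ENTITY/stylesheet declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if split(root.tag) != (SVG_NS, "svg"):
        return ["root element is not <svg> in the SVG namespace"]
    problems = []
    for el in root.iter():
        ns, name = split(el.tag)
        if ns != SVG_NS or name not in ALLOWED:
            problems.append(f"element not allowed: {name}")
        for attr, value in el.attrib.items():
            _, aname = split(attr)
            compact = "".join(value.split()).lower()  # defeat whitespace padding
            if aname.lower().startswith("on"):
                problems.append(f"event handler attribute: {aname}")
            elif aname == "href" and not compact.startswith("#"):
                problems.append(f"non-local href on <{name}>")
            elif "javascript:" in compact:
                problems.append(f"script URL in attribute: {aname}")
    return problems

# Constructed sample uploads: one static image, one carrying active content.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()">'
          b'<script>x()</script><circle r="4"/></svg>')
```

Because unknown elements are rejected by default, this check fails closed on SVG features it does not recognise.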
