CVE-2024-9276
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-9276 identifies a cross-site scripting vulnerability in TMsoft MyAuth Gateway version 3, specifically in the function located at /index.php. This vulnerability can be exploited remotely by manipulating the argument console/nocache/cmd, allowing potential attackers to execute harmful scripts on user browsers. The attack requires low privileges and user interaction, but poses a risk to the integrity of affected systems, as it could lead to unauthorized actions or data exposure. Organizations using this software should implement remediation strategies such as input validation and sanitization to mitigate this risk. The vendor has not responded to early disclosure attempts regarding this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.