CVE-2024-9276

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Sep 27, 2024
Updated: Sep 30, 2024
CWE ID 79

Summary

CVE-2024-9276 identifies a cross-site scripting vulnerability in TMsoft MyAuth Gateway version 3, specifically in the function located at /index.php. This vulnerability can be exploited remotely by manipulating the argument console/nocache/cmd, allowing potential attackers to execute harmful scripts on user browsers. The attack requires low privileges and user interaction, but poses a risk to the integrity of affected systems, as it could lead to unauthorized actions or data exposure. Organizations using this software should implement remediation strategies such as input validation and sanitization to mitigate this risk. The vendor has not responded to early disclosure attempts regarding this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share