CVE-2024-9411
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-9411 is a cross-site scripting (XSS) vulnerability in OFCMS version 1.1.2. It affects the add function in the file /admin/system/dict/add.json?sqlid=system.dict.save. Remote attackers can manipulate the dict_value argument, potentially compromising the integrity of web applications that use this software. To remediate the issue, run an updated version of OFCMS that addresses the vulnerability, or implement input validation that sanitizes user input. The risk to organizations includes unauthorized access and exploitation, which could lead to data breaches or malicious activity on affected systems. Given the medium severity rating and the requirement for user interaction, organizations should remain vigilant and apply the necessary security updates promptly.