CVE-2024-9571

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 7, 2024
Updated: Oct 8, 2024
CWE ID 79

Summary

CVE-2024-9571 is a Cross-Site Scripting (XSS) vulnerability in SOPlanning versions prior to 1.45. It stems from inadequate validation of user input in the xajax_server.php file and could allow a remote attacker to execute malicious scripts in the context of an authenticated user's session. Affected products include multiple versions and configurations identified by codes such as ceoC7v, zRqyD3, and others. To remediate this vulnerability, organizations should update SOPlanning to version 1.45 or later. The potential impact includes unauthorized control over an authenticated user's browser session, which could lead to data theft or further exploitation within the organization's network. The vulnerability has a base severity of medium: it requires user interaction for exploitation, but it poses a significant risk if left unaddressed.
