CVE-2024-9572

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Oct 7, 2024
Updated: Oct 8, 2024
CWE ID 79

Summary

CVE-2024-9572 is a Cross-Site Scripting (XSS) vulnerability affecting SOPlanning versions prior to 1.45, caused by inadequate validation of user input in the groupe_id parameter of the /soplanning/www/process/groupe_save.php file. This flaw could enable remote attackers to send crafted queries to authenticated users, potentially compromising their session details. Affected products include various versions identified as the 'ceoC7' series and others such as 'a2BIYk'. To remediate this vulnerability, organizations should update their SOPlanning installations to version 1.45 or later. The vulnerability has a medium base severity score of 6.3, a moderate risk, and exploitation requires user interaction.
