CVE-2024-9799

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Oct 10, 2024
Updated: Oct 15, 2024
CWE ID 79

Summary

CVE-2024-9799 is a cross-site scripting vulnerability in SourceCodester Profile Registration without Reload Refresh version 1.0, affecting the functionality of the add.php file. An attacker can exploit it remotely by manipulating parameters such as email_address, address, company_name, job_title, and jobDescription. The risk is classified as low, with a CVSS base score of 3.5: exploitation requires user interaction and can lead to partial integrity impact. Organizations using the affected product are advised to apply appropriate input validation and sanitization measures to mitigate the risk associated with this vulnerability. The exploit has been publicly disclosed, which increases the urgency of remediation to prevent potential attacks leveraging this flaw.
