CVE-2024-9969

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 15, 2024

Updated: Oct 19, 2024

CWE ID 79

Summary

CVE-2024-9969 is a newly identified vulnerability affecting NewType WebEIP v3.0. This issue arises due to insufficient input validation, enabling remote attackers with standard privileges to inject malicious JavaScript code into specific parameters. Consequently, Reflected Cross-site Scripting (XSS) attacks become possible. Unfortunately, the affected product is no longer being maintained, necessitating an upgrade to a more secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zgPMUH
https://www.cve.org/CVERecord?id=CVE-2024-9969
https://nvd.nist.gov/vuln/detail/CVE-2024-9969

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners

CVE-2024-9969

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations