CVE-2024-1024

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 30, 2024

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2024-1024 is a newly disclosed vulnerability affecting the SourceCodester Facebook News Feed Like 1.0 component. Specifically, this issue lies within the New Account Handler's unknown code. An attacker can exploit this Cross-Site Scripting (XSS) vulnerability by manipulating the First Name/Last Name argument with the input <script>alert(1)</script>. This exploit can be initiated remotely, allowing an attacker to inject malicious scripts into a victim's web browser. As the vulnerability and its exploit have been made public, it poses a significant risk to users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uUuXO8
https://www.cve.org/CVERecord?id=CVE-2024-1024
https://nvd.nist.gov/vuln/detail/CVE-2024-1024

Back to Vulnerability Database

CVE-2024-1024

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations