CVE-2024-22290

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 31, 2024

Updated: Feb 13, 2024

CWE ID 352

Summary

CVE-2024-22290 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the AboZain,O7abeeb,UnitOne Custom Dashboard Widgets. This issue allows an attacker to execute Cross-Site Scripting (XSS) attacks on users of the affected widgets, which range from version n/a to 1.3.1. The CSRF flaw enables an attacker to manipulate users' actions on the affected website without their knowledge, potentially leading to unauthorized data access or modification. It's essential for users to update their Custom Dashboard Widgets to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uE0pkH
https://www.cve.org/CVERecord?id=CVE-2024-22290
https://nvd.nist.gov/vuln/detail/CVE-2024-22290

Back to Vulnerability Database

CVE-2024-22290

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations