CVE-2024-22491

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 16, 2024

Updated: Jan 23, 2024

CWE ID 79

Summary

CVE-2024-22491 represents a stored Cross-Site Scripting (XSS) vulnerability in beetl-bbs 2.0. Malicious actors can exploit this weakness by injecting malicious code into the post/save content parameter, enabling them to execute arbitrary scripts in users' browsers who view the affected content. The attacker's scripts can steal sensitive information, manipulate webpages, or install malware on the users' devices. This vulnerability poses a serious threat to the security and privacy of beetl-bbs 2.0 users, necessitating prompt patching and mitigation efforts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uGv1Jf
https://www.cve.org/CVERecord?id=CVE-2024-22491
https://nvd.nist.gov/vuln/detail/CVE-2024-22491

Back to Vulnerability Database

CVE-2024-22491

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations