CVE-2024-22548

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 18, 2024

Updated: Jan 20, 2024

CWE ID 79

Summary

CVE-2024-22548 is a newly identified vulnerability affecting FlyCms version 1.0. This issue permits attackers to inject malicious scripts into the system website settings through the vulnerable website name section, exposing users to Cross-Site Scripting (XSS) attacks. Successful exploitation could lead to unauthorized access to user sessions or data theft, making it a significant security risk. Users are advised to upgrade to a patched version of FlyCms as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uGvfy2
https://www.cve.org/CVERecord?id=CVE-2024-22548
https://nvd.nist.gov/vuln/detail/CVE-2024-22548

Back to Vulnerability Database

CVE-2024-22548

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations