CVE-2024-24906

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Mar 1, 2024

CWE ID 79

Summary

CVE-2024-24906 is a stored Cross-Site Scripting (XSS) vulnerability affecting Dell Secure Connect Gateway (SCG) Policy Manager. This issue allows an adjacent network high privileged attacker to inject malicious HTML or JavaScript codes into a trusted application data store. When a user accesses the data store through their browser, the malicious code is executed, potentially leading to information disclosure, session theft, or client-side request forgery. The vulnerability exists in the Policy page of all versions of the Dell SCG Policy Manager.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uXU678
https://www.cve.org/CVERecord?id=CVE-2024-24906
https://nvd.nist.gov/vuln/detail/CVE-2024-24906

Back to Vulnerability Database

CVE-2024-24906

CVSS 3.1 Score 7.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations