CVE-2024-25097

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 13, 2024

CWE ID 79

Summary

CVE-2024-25097 is a Cross-site Scripting (XSS) vulnerability affecting ThemeNcode LLC's TNC PDF viewer. maliciously crafted input can be injected during web page generation, resulting in stored XSS. This issue can be exploited by attackers to execute malicious scripts in a user's browser when they view a specially crafted PDF document. The vulnerable versions of the TNC PDF viewer include those from n/a through 2.8.0. Users are advised to update to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uZ4rJQ
https://www.cve.org/CVERecord?id=CVE-2024-25097
https://nvd.nist.gov/vuln/detail/CVE-2024-25097

Back to Vulnerability Database

CVE-2024-25097

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations