CVE-2024-2598

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 18, 2024

CWE ID 352

Summary

CVE-2024-2598 is a newly identified cross-site scripting (XSS) vulnerability affecting AMSS++ version 4.31. The issue lies in the software's failure to encode user-controlled input appropriately, making it susceptible to XSS attacks. Specifically, this vulnerability is exploited through the /amssplus/modules/book/main/select_send_2.php file in multiple parameters. An attacker could take advantage of this flaw by sending a malicious URL to an authenticated user, potentially stealing their session cookie credentials.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uk9Asi
https://www.cve.org/CVERecord?id=CVE-2024-2598
https://nvd.nist.gov/vuln/detail/CVE-2024-2598

Back to Vulnerability Database

CVE-2024-2598

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations