CVE-2024-2633

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 19, 2024

CWE ID 287

Summary

CVE-2024-2633 is a Cross-Site Scripting (XSS) vulnerability affecting Meta4 HR versions 819.001.022 and older. The vulnerability lies in the '/sitetest/english/dumpenv.jsp' endpoint, which is susceptible to XSS attacks when processing 'lang' query parameters. Attackers can inject malicious code, such as '<img src onerror=alert(1)>', exploiting this weakness and potentially executing malicious scripts in users' browsers. This can lead to unintended data disclosure or redirection, putting sensitive information at risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ukl_6o
https://www.cve.org/CVERecord?id=CVE-2024-2633
https://nvd.nist.gov/vuln/detail/CVE-2024-2633

Back to Vulnerability Database

CVE-2024-2633

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations