CVE-2024-29191
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Apr 4, 2024
CWE ID 79
Summary
CVE-2024-29191 is a DOM-based cross-site scripting (XSS) vulnerability affecting versions 1.8.5 and prior of the gotortc camera streaming application. Malicious scripts can be injected through the `src` GET parameter in links on the `links.html` page, which is appended to `innerHTML` for 1-click previews. The context in which `src` is being appended makes the text insert as HTML, allowing for XSS attacks. This issue is addressed by a patch in commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share