CVE-2024-29768

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Mar 27, 2024

CWE ID 79

Summary

CVE-2024-29768 is a Cross-site Scripting (XSS) vulnerability affecting the Brainstorm Force Astra plugin. The flaw, which permits Stored XSS attacks, is due to improper neutralization of user-supplied input during web page generation. This vulnerability can be exploited by attackers to inject malicious scripts into a website, potentially stealing user data or taking control of user accounts. The issue impacts Astra versions from n/a through 4.6.4. Users are strongly advised to update to the latest release to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vDXczE
https://www.cve.org/CVERecord?id=CVE-2024-29768
https://nvd.nist.gov/vuln/detail/CVE-2024-29768

Back to Vulnerability Database

CVE-2024-29768

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations