CVE-2024-34568

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published May 8, 2024

CWE ID 79

Summary

CVE-2024-34568 is a Cross-site Scripting (XSS) vulnerability affecting Themeqx LetterPress. The flaw, which permits Stored XSS attacks, is located in the web page generation process of the software. This means an attacker can inject malicious scripts into a webpage viewed by other users, potentially stealing sensitive information or taking control of their sessions. LetterPress versions from n/a to 1.2.1 are vulnerable to this issue. Users are encouraged to update to a patched version as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vzGLSA
https://www.cve.org/CVERecord?id=CVE-2024-34568
https://nvd.nist.gov/vuln/detail/CVE-2024-34568

Back to Vulnerability Database

CVE-2024-34568

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations