CVE-2024-37063

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 4, 2024

CWE ID 79

Summary

CVE-2024-37063 is a newly disclosed cross-site scripting (XSS) vulnerability affecting versions 3.7.0 and later of Ydata's ydata-profiling library. Maliciously crafted reports can trigger this issue in the browser, enabling attackers to inject and execute malicious code on unsuspecting users' browsers. This could lead to session hijacking, data theft, and other potential security risks. Users are strongly urged to upgrade to a patched version of the library as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wNZcjr
https://www.cve.org/CVERecord?id=CVE-2024-37063
https://nvd.nist.gov/vuln/detail/CVE-2024-37063

Back to Vulnerability Database

CVE-2024-37063

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations