CVE-2024-37160

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jun 7, 2024

Updated: Jun 11, 2024

CWE ID 79

Summary

CVE-2024-37160 is a newly identified vulnerability affecting Formwork, a flat file-based Content Management System. This issue allows an attacker with administrative privileges to inject arbitrary web scripts into site options, located at /panel/options/site. The implications of this vulnerability are significant as it enables attackers to persistently affect visitors across all pages, excluding the dashboard. This type of attack is especially dangerous due to its ability to impact users site-wide. Version 1.13.1 of Formwork includes the necessary fixes to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wQqN4H
https://www.cve.org/CVERecord?id=CVE-2024-37160
https://nvd.nist.gov/vuln/detail/CVE-2024-37160

Back to Vulnerability Database

CVE-2024-37160

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations