CVE-2024-3776

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Apr 15, 2024

CWE ID 434

Summary

CVE-2024-3776 is a newly identified vulnerability affecting the login page of Netvision airPASS. The flaw lies in the lack of proper filtering for user input in a parameter. An unauthenticated attacker can exploit this weakness by injecting JavaScript code into the parameter, resulting in Reflected Cross-site scripting (XSS) attacks. These attacks can potentially steal user data or carry out actions on their behalf, posing a significant security risk. Users are advised to update their systems as soon as a patch is available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wYt70t
https://www.cve.org/CVERecord?id=CVE-2024-3776
https://nvd.nist.gov/vuln/detail/CVE-2024-3776

Back to Vulnerability Database

CVE-2024-3776

CVSS 3.1 Score 9.9 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations