CVE-2024-41613

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 13, 2024

Updated: Aug 14, 2024

CWE ID 79

Summary

CVE-2024-41613 is a Cross-Site Scripting (XSS) vulnerability affecting Symphony CMS version 2.7.10. Malicious actors can exploit this flaw by editing notes to inject arbitrary web scripts or HTML, posing a significant security risk as unsuspecting users may unknowingly execute the malicious code. This vulnerability could potentially lead to data theft, session hijacking, or other unintended actions. It is crucial for Symphony CMS users to update to the latest version or apply relevant patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Affected Vendors

Pluck -

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xFQ1Hf
https://www.cve.org/CVERecord?id=CVE-2024-41613
https://nvd.nist.gov/vuln/detail/CVE-2024-41613

Back to Vulnerability Database