CVE-2024-41910

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Aug 13, 2024

CWE ID 79

Summary

CVE-2024-41910 is a newly discovered vulnerability affecting Poly Clariti Manager devices with firmware builds up to 10.10.2.2. This issue involves multiple Cross-Site Scripting (XSS) vulnerabilities found in the outdated JavaScript version used by the firmware. An attacker can exploit these XSS flaws by injecting malicious code into web pages viewed by other users, potentially gaining unauthorized access to sensitive information or taking control of their sessions. Device users are strongly advised to update their firmware to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xMbu06
https://www.cve.org/CVERecord?id=CVE-2024-41910
https://nvd.nist.gov/vuln/detail/CVE-2024-41910

Back to Vulnerability Database

CVE-2024-41910

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations