CVE-2024-43231

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 12, 2024

Updated: Aug 13, 2024

CWE ID 79

Summary

CVE-2024-43231 is a newly disclosed Cross-site Scripting (XSS) vulnerability that affects Themeum Tutor LMS from versions n/a to 2.7.3. Malicious actors can exploit this Improper Neutralization of Input During Web Page Generation issue to inject and execute malicious scripts in users' browsers when they view a specially crafted webpage. This stored XSS vulnerability poses a significant threat to users, potentially leading to data theft or unauthorized account access. It is crucial that affected users upgrade to a patched version of Tutor LMS as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Tutor LMS Plugin

Advisories, Assessments, and Mitigations

Back to Vulnerability Database