CVE-2024-44794

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 26, 2024
Updated: Aug 27, 2024
CWE ID 79

Summary

CVE-2024-44794 is a cross-site scripting (XSS) vulnerability affecting the component /master/auth/OnedriveRedirect.php of the PicUploader product. This flaw allows attackers to execute arbitrary web scripts or HTML by injecting malicious payloads into the error_description parameter. The vulnerability has a medium severity rating with an exploitability score of 2.8, requiring user interaction and posing low risks to confidentiality and integrity. To remediate this issue, organizations should ensure proper input validation and sanitization within their applications. Failure to address this vulnerability could lead to unauthorized actions being performed on behalf of users, potentially compromising sensitive information or disrupting services.
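
The following is an added example, not part of the original advisory or of PicUploader's code: a log triage check that flags requests to the affected component whose error_description value carries markup, including double-encoded markup. The access-log format, the constructed sample lines, and the rule that benign descriptions contain no `<`, `>` or `"` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

TARGET_PATH = "/master/auth/OnedriveRedirect.php"  # component named in the CVE
PARAM = "error_description"                         # parameter named in the CVE
MARKUP = re.compile(r'[<>"]')  # assumption: benign descriptions are plain sentences
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # assumed access-log layout

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests carrying markup in PARAM."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET_PATH):
            continue
        # parse_qs decodes once; fully_decode handles any further encoding layers
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Aug/2024:10:00:01 +0000] "GET /master/auth/OnedriveRedirect.php?error=access_denied&error_description=The+user+declined+consent HTTP/1.1" 200 512',
    '203.0.113.9 - - [27/Aug/2024:10:02:13 +0000] "GET /master/auth/OnedriveRedirect.php?error=x&error_description=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [27/Aug/2024:10:02:40 +0000] "GET /master/auth/OnedriveRedirect.php?error_description=%253Cb%253Ebold%253C%252Fb%253E HTTP/1.1" 200 530',
    '198.51.100.7 - - [27/Aug/2024:10:03:00 +0000] "GET /index.php?error_description=%3Cb%3E HTTP/1.1" 404 120',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

A hit shows that markup was sent to the endpoint, not that it executed in a browser; treat flagged lines as leads for review.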
