CVE-2024-4859

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published May 14, 2024

CWE ID 79

Summary

CVE-2024-4859 represents a Stored Cross-Site Scripting (XSS) vulnerability affecting Solidus, a Ruby on Rails e-commerce platform, up to version 4.3.4. Malicious actors can inject and execute malicious scripts by exploiting the flaw in the order tracking URL. Successful attacks may lead to unauthorized access, data theft, or other malicious activities on the targeted e-commerce website. Users are encouraged to apply the available patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v7Ef13
https://www.cve.org/CVERecord?id=CVE-2024-4859
https://nvd.nist.gov/vuln/detail/CVE-2024-4859

Back to Vulnerability Database

CVE-2024-4859

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations