CVE-2024-50637

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 6, 2024

Updated: Nov 7, 2024

CWE ID 79

Summary

CVE-2024-50637 is a newly disclosed vulnerability affecting UnoPim version 0.1.3 and older. This issue involves a Cross Site Scripting (XSS) flaw in the Create User function. Attackers can exploit this vulnerability by injecting malicious SVG code, which, when processed, allows the attacker to execute malicious scripts in the user's browser. This can ultimately lead to the theft of sensitive information, such as cookies, compromising the security of the affected system. Users are advised to update to the latest version of UnoPim to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z7SxuC
https://www.cve.org/CVERecord?id=CVE-2024-50637
https://nvd.nist.gov/vuln/detail/CVE-2024-50637

Back to Vulnerability Database

CVE-2024-50637

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations