CVE-2024-51337

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Nov 21, 2024

CWE ID 79

Summary

CVE-2024-51337 is a Cross-Site Scripting (XSS) vulnerability affecting Gibbon before version 27.0.01. This issue lies in the /Gibbon/modules/User Admin/user_manage_editProcess.php file, which handles the email parameter without sufficient input validation. A remote attacker can exploit this flaw to inject malicious scripts into a targeted user's browser, potentially stealing sensitive information. The flaw has been addressed in Gibbon version 28.0.00.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gibbon

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/z7YZZD
https://www.cve.org/CVERecord?id=CVE-2024-51337
https://nvd.nist.gov/vuln/detail/CVE-2024-51337

Back to Vulnerability Database

CVE-2024-51337

CVSS 3.1 Score 3.5 of 10 (low)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations