CVE-2024-51649

Summary

CVE-2024-51649 is a newly disclosed vulnerability affecting Patrick Lumumba Mobilize, a software solution for organizing campaigns and events. This issue combines a Cross-Site Request Forgery (CSRF) weakness with the potential for Stored Cross-Site Scripting (XSS). attackers can exploit this CSRF vulnerability to perform unauthorized actions on behalf of a victim, such as modifying their account settings or making unintended donations. Simultaneously, they can inject malicious scripts using the Stored XSS component, posing a serious threat to data confidentiality and user safety. The vulnerability affects Mobilize versions from n/a through 3.0.7. It is crucial that users and organizations upgrade to a secure version as soon as possible to mitigate these risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.