CVE-2024-51814

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 19, 2024

Updated: Nov 20, 2024

CWE ID 79

Summary

CVE-2024-51814 is a Cross-site Scripting (XSS) vulnerability affecting the 野人活动链接推广插件 from an unknown version up to 1.2.0. This issue arises due to improper neutralization of user input during web page generation. An attacker could exploit this flaw to inject malicious scripts into a victim's browser, potentially taking control of their session or stealing sensitive information. This vulnerability poses a serious security risk for users of the affected plugin, and it is recommended that they update to the latest, secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0MFOKR
https://www.cve.org/CVERecord?id=CVE-2024-51814
https://nvd.nist.gov/vuln/detail/CVE-2024-51814

Back to Vulnerability Database

CVE-2024-51814

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations