CVE-2024-51838

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 19, 2024

CWE ID 79

Summary

CVE-2024-51838 is a Cross-Site Scripting (XSS) vulnerability affecting the Pull This software from an unknown version up to 1.1. The flaw, which involves improper neutralization of user input during web page generation, allows attackers to inject malicious scripts into a victim's browser, potentially leading to session hijacking, data theft, or other malicious activities. This can be exploited through specially crafted links or forms that are designed to execute the malicious code in the victim's browser. Users are strongly advised to update their Pull This installations to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0MGf18
https://www.cve.org/CVERecord?id=CVE-2024-51838
https://nvd.nist.gov/vuln/detail/CVE-2024-51838

Back to Vulnerability Database

CVE-2024-51838

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations