CVE-2024-52470

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 79

Summary

CVE-2024-52470 is a Cross-site Scripting (XSS) vulnerability affecting Brainvireinfo's Dynamic URL SEO, from versions n/a through 1.0. This issue arises due to improper neutralization of user input during web page generation. An attacker can exploit this flaw to inject malicious scripts into a targeted user's web browser, potentially leading to data theft or session hijacking. The impact of this vulnerability can extend to unintended domains due to the reflected nature of the attack. It is crucial for users to update their Dynamic URL SEO installation as soon as a patch becomes available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0a1cat
https://www.cve.org/CVERecord?id=CVE-2024-52470
https://nvd.nist.gov/vuln/detail/CVE-2024-52470

Back to Vulnerability Database

CVE-2024-52470

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations