CVE-2024-52473

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 79

Summary

CVE-2024-52473 is a newly identified Cross-site Scripting (XSS) vulnerability that affects the Sandeep Verma HTML5 Lyrics Karaoke Player. The flaw, which permits Reflected XSS attacks, is located in the application's web page generation process. By injecting malicious scripts into the input fields, attackers can manipulate the web page and steal sensitive user information, including login credentials and cookies. The vulnerability spans from version n/a to 2.4 of the HTML5 Lyrics Karaoke Player. Users are urged to update their software as soon as a patch is released to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0a32y7
https://www.cve.org/CVERecord?id=CVE-2024-52473
https://nvd.nist.gov/vuln/detail/CVE-2024-52473

Back to Vulnerability Database

CVE-2024-52473

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations