CVE-2024-5380

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published May 26, 2024

Updated: Jun 4, 2024

CWE ID 79

Summary

CVE-2024-5380 is a newly identified vulnerability affecting jsy-1 short-url 1.0.0. This issue lies within an unnamed function in the admin.php file, which can be exploited through manipulation of the url argument. The exploitation of this vulnerability enables cross-site scripting attacks, which can be launched remotely. Upgrading to version 2.0.0 is the recommended solution, with the patch identified as 35c790897d6979392bc6f60707fc32da13a98b63. It is strongly advised to upgrade the affected component to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wGvVNe
https://www.cve.org/CVERecord?id=CVE-2024-5380
https://nvd.nist.gov/vuln/detail/CVE-2024-5380

Back to Vulnerability Database

CVE-2024-5380

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations