CVE-2024-8208

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 27, 2024
Updated: Aug 29, 2024
CWE ID 79

Summary

CVE-2024-8208 is a medium-severity vulnerability found in the Insurance Management System 1.0 developed by nafisulbari, specifically affecting the editClient.php file. This vulnerability allows for cross-site scripting (XSS) through manipulation of the AGENT ID parameter, and it can be exploited remotely without requiring user privileges. The potential danger to organizations includes unauthorized data access and compromised user interactions, as the attack complexity is rated as low but requires user interaction. Remediation measures should involve sanitizing input within the affected functionality to prevent XSS attacks. As of now, there has been no response from the vendor regarding this disclosed issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share