CVE-2024-8328

Summary

CVE-2024-8328 identifies a vulnerability in the Easy Test Online Learning and Testing Platform developed by HWA JIUH DIGITAL TECHNOLOGY, which lacks proper validation of a specific page parameter. This flaw enables remote attackers with low privileges to execute arbitrary JavaScript code, resulting in Reflected Cross-site Scripting (XSS) attacks. Affected products include the platform itself, which has an exploitability score of 2.3 and a base severity rating of medium (5.4). To mitigate this vulnerability, it is recommended that the vendor implement proper input validation measures to prevent XSS attacks. The potential danger to organizations includes the compromise of user data integrity and confidentiality, although the overall impact on availability is rated as none.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.