CVE-2024-8473

Summary

CVE-2024-8473 describes a Cross-Site Scripting (XSS) vulnerability affecting the product identified as 'tYxz11', where user-controlled input is not properly sanitized, allowing attackers to exploit the /jobportal/admin/login.php endpoint. This vulnerability could enable an attacker to access session details of authenticated users through the user_email parameter. The attack requires user interaction and has a low complexity, with an exploitability score of 2.8 and a medium base severity rating of 6.3. To remediate this vulnerability, organizations should implement proper input validation and sanitization measures for any user-controlled data before processing it on web pages. Failure to address this issue may lead to unauthorized access or data exposure within the organization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.