CVE-2024-9077

Summary

CVE-2024-9077 is a medium-severity vulnerability found in the dingfangzu product, specifically within the Order Checkout component's scripts/order.js file. This vulnerability allows for cross-site scripting (XSS) due to improper handling of the argument address-name, enabling remote exploitation. Affected products include versions up to 29d67d9044f6f93378e6eb6ff92272217ff7225c, but specific version details are not available due to the product's rolling release model. To remediate this issue, users should implement input validation and sanitization measures to protect against XSS attacks. As the exploit has been publicly disclosed, organizations using this product may face risks related to data integrity and confidentiality if not addressed promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.