CVE-2024-9147

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 6, 2024
CWE ID 79
CWE ID 80

Summary

CVE-2024-9147 is a vulnerability affecting Bna Informatics PosPratik before version 3.2.1. The issue is improper neutralization of script-related HTML tags in a web page, resulting in a basic cross-site scripting (XSS) vulnerability. Attackers can exploit it by injecting malicious scripts through HTTP query strings, which lets them execute arbitrary script in users' browsers. This poses a significant risk: users visiting a maliciously crafted web page may have their session cookies stolen or have unintended actions taken on their behalf. Users should upgrade to the latest version of PosPratik to mitigate this risk.
