CVE-2024-9279

Summary

CVE-2024-9279 is a cross-site scripting vulnerability found in funnyzpc's Mee-Admin version 1.6 and earlier, affecting the User Center component. The vulnerability allows for remote exploitation through the manipulation of the User Nickname parameter within the /mee/index file. It poses a potential danger to organizations by enabling attackers to execute malicious scripts, which could compromise user data and session integrity. To remediate this issue, it is recommended that affected products, including y-KMAE, y-KMAF, and others listed, be updated to secure versions or have proper input validation implemented. The exploit has been publicly disclosed after the vendor failed to respond to initial notifications regarding the vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.