CVE-2024-9291

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Sep 27, 2024
Updated: Sep 30, 2024
CWE ID 79

Summary

CVE-2024-9291 is a cross-site scripting (XSS) vulnerability in the kalvinGit kvf-admin component up to version f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff, affecting the upload function of the XML File Handler. Manipulating the "upfile" argument in the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile leads to XSS, and the attack can be launched remotely. The issue has a low integrity impact and requires user interaction, but the exploit has been publicly disclosed, so it poses a potential risk to organizations using this software. To remediate this issue, users are encouraged to monitor the GitHub repository for updates, although it has not been updated for over two years. Because the project follows a rolling release model, specific version details are not available for affected or patched releases.
