CVE-2024-9411

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 1, 2024
Updated: Oct 4, 2024
CWE ID 79

Summary

CVE-2024-9411 is a medium-severity cross-site scripting (XSS) vulnerability in OFCMS version 1.1.2. It affects the function add in the file /admin/system/dict/add.json?sqlid=system.dict.save, where manipulation of the dict_value argument leads to XSS. The attack can be launched remotely, but it requires high privileges and user interaction. Organizations using affected products, such as zBg-TV, are at risk. To remediate this vulnerability, it is recommended to sanitize inputs and implement appropriate security measures against XSS attacks. The exploit has been publicly disclosed and poses a significant security risk if not addressed promptly.
