CVE-2024-9856

Summary

CVE-2024-9856 is a vulnerability affecting 07FLYCMS, 07FLY-CMS, and 07FlyCRM versions 1.3.8, which involves cross-site scripting due to improper manipulation of the Login Interface Copyright argument on the System Settings Page. This vulnerability can be exploited remotely and has been rated with a low base severity score of 2.4, requiring high privileges and user interaction for successful attacks. Organizations using these products may face integrity impacts and could potentially have their systems compromised if not addressed promptly. To remediate this issue, it is recommended to update or patch the affected software versions as soon as possible. Despite attempts to contact the vendor for further guidance on remediation, communication was unsuccessful due to a non-functional email address.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.