CVE-2024-9952
CVSS 3.1 Score 2.4 of 10 (low)
Details
Summary
CVE-2024-9952 is a cross-site scripting (XSS) vulnerability in SourceCodester Online Eyewear Shop version 1.0. It affects the processing of /admin/?page=system_info/contact_info, part of the Contact Information Page. Manipulating the Address parameter leads to XSS, and the attack can be launched remotely. The exploit has been made public, which increases the risk to organizations using this software. To remediate the vulnerability, apply input validation and sanitization to prevent malicious script injection. The potential impact includes unauthorized access and data manipulation. Exploitation requires high privileges and user interaction.