Lucene search

MitreVULNRICHMENT:CVE-2024-41572

HistoryAug 21, 2024 - 12:00 a.m.

CVE-2024-41572

2024-08-2100:00:00

mitre

github.com

vulnerable

cross site scripting

javascript injection

remote attackers

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.

References

medium.com/%40ChadSecurity/cve-2024-41572-68397fae354b