CVE-2024-43025

2024-09-1800:00:00

mitre

github.com

html injection

rws multitrans

alteration

phishing attack

e-mail payload

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail.

References

community.rws.com/product-groups/translation_management/multitrans/w/releases/5112/multitrans-7-releases

github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-43025

github.com/tomdantuma/CVE/tree/main/2024-43025