Cross-Site Scripting Vulnerabilities in Proactive Risk Manager by Proactive
CVE-2024-48569

Currently unrated

Key Information:

Vendor: Proactive
Status: Proactive Risk Manager
Vendor: CVE Published:; 30 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-48569?

Proactive Risk Manager version 9.1.1.0 has been identified as having multiple Cross-Site Scripting (XSS) vulnerabilities, particularly within the add/edit form fields. These vulnerabilities can be exploited by attackers through URLs that include the subpaths /ar/config/configuation/ and /ar/config/risk-strategy-control/. Successful exploitation could allow attackers to inject malicious scripts into the web pages viewed by other users, potentially leading to data theft or session hijacking.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-48569
Created by MarioTesoro

References

https://github.com/MarioTesoro/CVE-2024-48569

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2024
🟡
Public PoC available
Oct 27, 2024
👾
Exploit known to exist
Oct 27, 2024
Vulnerability Reserved
Oct 8, 2024