CVE-2024-11071

Name of the Vulnerable Software and Affected Versions DestinyECM solution (affected versions not specified)

Description The issue is related to a Permissive Cross-domain Policy with Untrusted Domains vulnerability in the local API server of the DestinyECM solution. This vulnerability may allow Cross-Site Request Forgery (CSRF) attacks, which can probabilistically enable JSON Hijacking (also known as JavaScript Hijacking) via a forgery web page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.