Darktrace Threat Visualizer security vulnerability (CVE-2024-22854)

CVE-2024-22854 is a DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer, affecting versions 6.1.27 (bundle 61050) and earlier. An attacker can craft a URL that, if visited by an authenticated user, triggers an open redirect and may lead to credential theft via an injected HTML form. The attack relies on tricking a user into interacting with the crafted URL while logged in.
