CVE-2024-48662
📋 TL;DR
A Cross-Site Scripting (XSS) vulnerability in AdGuard Application versions 7.18.1 (4778) and earlier allows attackers to inject malicious scripts via the fontMatrix component. This could enable session hijacking, credential theft, or redirection to malicious sites. Users running vulnerable versions of AdGuard Application are affected.
💻 Affected Systems
- AdGuard Application
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full control of user's browser session, steals authentication cookies, credentials, and sensitive data, potentially leading to account compromise and further system access.
Likely Case
Attacker injects malicious scripts that steal session cookies or credentials, redirect users to phishing sites, or perform actions on behalf of the user within the application.
If Mitigated
Script execution is prevented by Content Security Policy (CSP) or input sanitization, limiting impact to minor UI manipulation.
🎯 Exploit Status
XSS vulnerabilities are commonly weaponized; the public GitHub repository contains proof-of-concept details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.18.2 or later
Vendor Advisory: https://github.com/AdguardTeam/AdGuardForWindows/releases
Restart Required: Yes
Instructions:
1. Open AdGuard Application. 2. Go to Settings > General. 3. Click 'Check for updates'. 4. Install available update. 5. Restart the application.
🔧 Temporary Workarounds
Disable vulnerable component
allTemporarily disable or restrict access to fontMatrix functionality if possible.
Enable Content Security Policy
allImplement CSP headers to restrict script execution from untrusted sources.
🧯 If You Can't Patch
- Disable AdGuard Application until patched.
- Use browser extensions that block XSS payloads.
🔍 How to Verify
Check if Vulnerable:
Check AdGuard version in Settings > General. If version is 7.18.1 (4778) or earlier, it is vulnerable.Check Version:
Not applicable for GUI application; check via application settings.Verify Fix Applied:
Verify version is 7.18.2 or later in Settings > General after update.📡 Detection & Monitoring
Log Indicators:
- Unusual fontMatrix parameter values in application logs
- JavaScript execution errors related to font handling
Network Indicators:
- HTTP requests with suspicious fontMatrix payloads
- Unexpected script loads from external domains
SIEM Query:
source="adguard" AND (fontMatrix CONTAINS "<script>" OR fontMatrix CONTAINS "javascript:")