Act-On · Act-On · CVE-2024-24507
**Name of the Vulnerable Software and Affected Versions**
Act-On version 2023
**Description**
The issue allows a remote attacker to execute arbitrary code via the `newUser` parameter in the "login.jsp" component. This enables the attacker to perform Cross Site Scripting attacks.
**Recommendations**
For Act-On version 2023, consider disabling the `newUser` parameter in the "login.jsp" component as a temporary workaround until a patch is available. Restrict access to the "login.jsp" component to minimize the risk of exploitation. Avoid using the `newUser` parameter in the affected component until the issue is resolved.