Teixo · Teixo · CVE-2024-3654
**Name of the Vulnerable Software and Affected Versions**
Teixo version 1.42.42-stable
**Description**
A cross-site scripting (XSS) issue has been identified, which could allow an attacker to send a specially crafted JavaScript payload via the `seconds` parameter in the program's URL. This could result in a possible takeover of a registered user's session.
**Recommendations**
For version 1.42.42-stable, consider restricting access to the `seconds` parameter in the URL to minimize the risk of exploitation. Avoid using the `seconds` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.