Holded · Holded · CVE-2024-4026
**Name of the Vulnerable Software and Affected Versions**
Holded (affected versions not specified)
**Description**
The issue is related to a Cross-Site Scripting (XSS) vulnerability. This could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, potentially resulting in a session takeover.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.