CVE-2021-45888

Name of the Vulnerable Software and Affected Versions PONTON X/P Messenger versions prior to 3.11.2

Description The navigation tree in the web application is susceptible to XSS, allowing the injection of JavaScript into its nodes. This issue can be exploited by users with the role of Configuration Administrator or Administrator, who have the capability to create such nodes.

Recommendations For versions prior to 3.11.2, update to version 3.11.2 or later to resolve the issue. As a temporary workaround, consider restricting the creation of new nodes in the navigation tree to minimize the risk of exploitation. Additionally, limiting the privileges of users with the roles Configuration Administrator or Administrator may also help mitigate the risk until a patch is applied.