CVE-2022-24573

Name of the Vulnerable Software and Affected Versions Element-IT HTTP Commander version 7.0.0

Description A stored cross-site scripting (XSS) vulnerability in the admin interface allows unauthenticated users to gain admin access by injecting a malicious script in the User-Agent field. This issue enables attackers to execute arbitrary code, potentially leading to unauthorized access and control of the system.

Recommendations For Element-IT HTTP Commander version 7.0.0, consider disabling access to the admin interface until a patch is available, and restrict the ability to inject scripts in the User-Agent field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.