PT-2022-16735 · Unknown · Accounting Journal Management

Published: 2022-02-22 · Updated: 2022-03-02 · CVE-2022-24582

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Accounting Journal Management version 1.0

Description: The issue concerns a stored XSS and PHPSESSID hijacking vulnerability. The manage user parameter from User lists is vulnerable to these attacks. A malicious user can exploit the system using an existing session from both inside and outside the network.

Recommendations: For Accounting Journal Management version 1.0, consider restricting access to the manage user parameter in the User lists to minimize the risk of exploitation. As a temporary workaround, avoid using the manage user parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
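The two defences that matter for this class of bug are shown below as an added example; it is not code from Accounting Journal Management, and the page name, the session role field and the user-table columns are assumptions (PHP itself is inferred only from the PHPSESSID reference). The block marks the session cookie HttpOnly so injected script cannot read PHPSESSID, restricts the user-management page to administrators as the recommendation suggests, and contrasts the raw interpolation that lets a stored value execute with context-aware encoding and input validation.

```php
<?php
declare(strict_types=1);

// Added example, not code from Accounting Journal Management. The page name
// (manage_user.php), the 'role' session field and the user table columns are
// assumptions made for illustration.

// --- 1. Session hardening ------------------------------------------------
// HttpOnly stops script injected through a stored XSS from reading PHPSESSID
// via document.cookie; Secure and SameSite limit where the cookie is sent.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // assumes the application is served over HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();
// Defence in depth: a restrictive CSP blocks inline <script> even if one
// output site is left unencoded.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");

// --- 2. Access restriction for the user-management page -------------------
// Only an authenticated administrator may reach the manage-user function.
function require_admin(): void
{
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('Forbidden');
    }
}

// --- 3. Output encoding and input validation -----------------------------
// Encode for the HTML body context; ENT_QUOTES also covers attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Reject names that contain markup before they are ever stored.
function valid_fullname(string $name): bool
{
    return (bool) preg_match('/^[\p{L}\p{M}\p{N} .\'-]{1,100}$/u', $name);
}

// Vulnerable pattern: a stored value is interpolated straight into HTML.
function render_row_unsafe(array $u): string
{
    return "<tr><td>{$u['username']}</td><td>{$u['fullname']}</td></tr>";
}

// Hardened pattern: every stored value is encoded before it reaches HTML.
function render_row_safe(array $u): string
{
    return '<tr><td>' . e($u['username']) . '</td><td>' . e($u['fullname']) . '</td></tr>';
}

// Constructed sample rows standing in for the User list; the second carries a
// harmless XSS canary as it would sit in the database after a stored injection.
$users = [
    ['id' => 7, 'username' => 'alice',   'fullname' => 'Alice Example'],
    ['id' => 8, 'username' => 'mallory', 'fullname' => '<script>alert(1)</script>'],
];

// require_admin();  // enable on the real page once the session carries a role
foreach ($users as $u) {
    echo "unsafe: " . render_row_unsafe($u) . "\n";
    echo "safe:   " . render_row_safe($u) . "\n";
    echo "store?  " . (valid_fullname($u['fullname']) ? 'accept' : 'reject') . "\n\n";
}
```

For the second row the safe renderer emits `&lt;script&gt;alert(1)&lt;/script&gt;` as inert text, and the validator rejects the value on input, so the canary never reaches the table in the first place; the session settings must be applied before `session_start()` on every page, not only on the user list.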

Exploit

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-24582

Affected Products

Accounting Journal Management