PT-2023-19393 · Redrock · TutorTrac

Published: 2023-02-21 · Updated: 2023-03-03 · CVE-2023-24081

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Redrock Software TutorTrac versions prior to 4.2.170210

Description: TutorTrac contains multiple stored cross-site scripting (XSS) vulnerabilities. A crafted payload stored in the reason and location fields is rendered on the visits listing page without proper encoding, allowing attackers to execute arbitrary web scripts or HTML in the browser of any user who views that page.

Recommendations: For versions prior to 4.2.170210, update to version 4.2.170210 or later to resolve the issue. As a temporary workaround, consider restricting access to the visits listing page, or validating and sanitizing user input in the reason and location fields to prevent malicious payloads from being stored and rendered.
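The following is an added example, not TutorTrac's code, showing the two controls the recommendation names: output encoding of the stored reason and location fields at render time, and a write-time validation check as defence in depth. The function names, the record shape and the sample visit record are hypothetical and constructed for the example; the XSS probe string is the standard test marker, not a payload from the advisory.

```javascript
// Added example (not TutorTrac code). Demonstrates why raw concatenation of
// stored field values into HTML produces a stored XSS, and how contextual
// output encoding removes it. All names below are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode a value for the HTML text / attribute-value context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored reason/location strings land in the page
// exactly as they were submitted, so markup in them is interpreted.
function renderVisitRowUnsafe(visit) {
  return `<tr><td>${visit.reason}</td><td>${visit.location}</td></tr>`;
}

// Hardened pattern: every untrusted value is encoded for the context it is
// inserted into. The browser then shows the characters instead of running them.
function renderVisitRowSafe(visit) {
  return `<tr><td>${escapeHtml(visit.reason)}</td>` +
         `<td>${escapeHtml(visit.location)}</td></tr>`;
}

// Write-time validation (defence in depth, not a replacement for encoding):
// enforce a length cap and reject control characters before the value is stored.
function validateVisitField(value, maxLen = 200) {
  if (typeof value !== "string") return { ok: false, error: "not a string" };
  if (value.length > maxLen) return { ok: false, error: "too long" };
  if (/[\u0000-\u001f\u007f]/.test(value)) return { ok: false, error: "control characters" };
  return { ok: true, value: value.trim() };
}

// Constructed sample record: the reason field carries the classic XSS marker,
// the location field carries characters that break HTML if left unencoded.
const SAMPLE_VISIT = {
  reason: "<script>alert(1)</script>",
  location: 'Lab "B" & annex',
};

// Returns both renderings so the difference can be inspected or asserted on.
function demo(visit = SAMPLE_VISIT) {
  const unsafe = renderVisitRowUnsafe(visit);
  const safe = renderVisitRowSafe(visit);
  return {
    unsafe,
    safe,
    unsafeHasScriptTag: /<script>/i.test(unsafe),
    safeHasScriptTag: /<script>/i.test(safe),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

The point of keeping both renderers side by side is that the fix lives at the output boundary: the same stored record is harmless once `escapeHtml` sits between the database value and the markup, regardless of what validation did or did not run when the value was written.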

Tags: Exploit · Fix · XSS

Related Identifiers: CVE-2023-24081

Affected Products: TutorTrac