CVE-2023-38878

Name of the Vulnerable Software and Affected Versions DevCode OpenSTAManager versions 2.4.24 through 2.4.47

Description A reflected cross-site scripting (XSS) vulnerability may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the error and error description parameters of 'oauth2.php'. This allows the attacker to execute malicious code in the context of the victim's web browser.

Recommendations For DevCode OpenSTAManager versions 2.4.24 through 2.4.47, consider disabling access to the 'oauth2.php' endpoint until a patch is available. Restrict input to the error and error description parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.