CVE-2023-40618

Name of the Vulnerable Software and Affected Versions OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 Visual Project Explorer version 1.0

Description A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the service parameter in the 'headstart snapshot.php' endpoint.

Recommendations For OpenKnowledgeMaps Head Start versions 4, 5, 6, 7, consider disabling access to the 'headstart snapshot.php' endpoint until a patch is available. For Visual Project Explorer version 1.0, restrict the use of the service parameter in the 'headstart snapshot.php' endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the service parameter in the affected endpoint until the issue is resolved.