CVE-2024-10412

Name of the Vulnerable Software and Affected Versions Poco-z Guns-Medical version 1.0

Description A vulnerability was found in the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched remotely.

Recommendations For Poco-z Guns-Medical version 1.0, consider disabling the upload function of the File Upload component until a patch is available. Restrict access to the /mgr/upload endpoint to minimize the risk of exploitation. Avoid using the picture argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.