CVE-2024-1749

Name of the Vulnerable Software and Affected Versions Bdtask Bhojon Best Restaurant Management Software version 2.9

Description A problematic issue has been found in the software, affecting the processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For version 2.9, consider disabling the manipulation of the Title argument in the /dashboard/message file of the Message Page component until a patch is available. Restrict access to the Message Page to minimize the risk of exploitation. Avoid using the Title argument in the affected component until the issue is resolved.