PT-2024-19587 · Itss · Itss Imlog

Published 2024-06-12 · Updated 2024-10-25

CVE-2024-22855

CVSS v3.1

5.4 Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ITSS iMLog version 1.307

Description

A cross-site scripting (XSS) issue exists in the User Maintenance section, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.

Recommendations

For ITSS iMLog version 1.307, avoid using the Last Name parameter in the User Maintenance section until the issue is resolved. As a temporary workaround, consider restricting access to the User Maintenance section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-22855

Affected Products

Itss Imlog