CVE-2024-24276

Name of the Vulnerable Software and Affected Versions Teamwire Windows desktop client versions 2.0.1 through 2.4.0

Description A Cross Site Scripting (XSS) issue allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username, and group name components. This enables the attacker to potentially exploit these components and gain access to confidential data.

Recommendations For versions 2.0.1 through 2.4.0, consider disabling the chat functionality or restricting access to the chat name, message preview, username, and group name components until a patch is available. Avoid using these components with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.