CVE-2024-24945

Name of the Vulnerable Software and Affected Versions Travel Journal Using PHP and MySQL with Source Code version 1.0

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at "/travel-journal/write-journal.php". This enables attackers to potentially manipulate the website's behavior or steal user data.

Recommendations For Travel Journal Using PHP and MySQL with Source Code version 1.0, consider disabling the /travel-journal/write-journal.php endpoint until a patch is available to prevent exploitation. Restrict access to the Share Your Moments parameter to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this issue.