PT-2024-20788 · Unknown · Filecatalyst Direct
Published: 2024-03-13 · Updated: 2025-01-21 · CVE-2024-25155
CVSS v3.1: 7.2 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FileCatalyst Direct versions 3.8.6 through 3.8.8
Description
The web server in FileCatalyst Direct does not properly sanitize illegal characters in a requested URL, and the unsanitized URL is then reflected on the resulting error page. This allows a malicious actor to craft a URL whose contents execute as arbitrary code within an HTML script tag in the victim's browser (reflected cross-site scripting).
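The pattern described above, as an added example that is not FileCatalyst's own code and not taken from the advisory: a 404 handler that interpolates the decoded request path straight into HTML next to the hardened version that HTML-escapes it first, plus a small check a defender can run over web-server access logs to flag requests carrying angle brackets or quotes in the path while the workaround (restricted access) is in place. The template, the function names and the log lines are all constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format (illustrative, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Mar/2024:10:00:01 +0000] "GET /files/report.pdf HTTP/1.1" 200 512
203.0.113.7 - - [13/Mar/2024:10:00:02 +0000] "GET /files/%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 404 1024
203.0.113.9 - - [13/Mar/2024:10:00:03 +0000] "GET /files/notes%20v2.txt HTTP/1.1" 404 1024
"""

# Hypothetical error-page template; the real server's markup is not on the page.
ERROR_TEMPLATE = "<html><body><h1>404 Not Found</h1><p>No such path: {path}</p></body></html>"


def vulnerable_error_page(raw_path: str) -> str:
    """Flawed pattern: the percent-decoded request path lands in HTML unescaped."""
    return ERROR_TEMPLATE.format(path=unquote(raw_path))


def hardened_error_page(raw_path: str) -> str:
    """Fix: escape <, >, &, " and ' before the path becomes HTML text content."""
    return ERROR_TEMPLATE.format(path=html.escape(unquote(raw_path), quote=True))


def reflects_raw_markup(page: str) -> bool:
    """True if the reflected path inside the <p> still contains unescaped HTML metacharacters."""
    m = re.search(r"<p>No such path: (.*?)</p>", page, re.S)
    return m is not None and any(c in m.group(1) for c in "<>\"'")


# Minimal Common Log Format parser (assumed format of the sample lines above).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)
SUSPICIOUS_CHARS = set('<>"\'')


def suspicious_requests(log_text: str):
    """Return (ip, decoded_path, status) for requests whose decoded path carries
    HTML metacharacters; these are the requests that would be reflected on the
    error page of an unpatched server."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = unquote(m.group("path"))  # decode %3C etc. before inspecting
        if any(c in decoded for c in SUSPICIOUS_CHARS):
            hits.append((m.group("ip"), decoded, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    probe = "/files/%3Cscript%3Ealert(1)%3C/script%3E"
    print("vulnerable reflects markup:", reflects_raw_markup(vulnerable_error_page(probe)))
    print("hardened reflects markup:  ", reflects_raw_markup(hardened_error_page(probe)))
    for ip, path, status in suspicious_requests(SAMPLE_LOG):
        print(f"flagged {ip} -> {path!r} (status {status})")
```

Escaping at the point where untrusted text is written into HTML is the generic fix for this class of flaw; the log check is only a triage aid and does not replace updating past 3.8.8, since it cannot tell whether the server actually reflected the payload.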
Recommendations
For versions 3.8.6 through 3.8.8, update to a version later than 3.8.8 to resolve the issue.
As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.
Fix
XSS
Affected Products
Filecatalyst Direct