CVE-2024-25218

Name of the Vulnerable Software and Affected Versions Task Manager App version 1.0

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter in the "/TaskManager/Projects.php" API endpoint. This enables attackers to potentially manipulate the application's behavior or steal user data.

Recommendations For Task Manager App version 1.0, consider disabling the Project Name parameter in the "/TaskManager/Projects.php" API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this issue.