PT-2024-20894 · Unknown · Itflow.Org
Stehled1 · Published 2024-02-26 · Updated 2024-08-02 · CVE-2024-25344
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ITFlow.org versions prior to commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378
Description
A Cross Site Scripting issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings defaults.php, settings integrations.php, settings invoice.php, settings localization.php, settings mail.php components.
Recommendations
Update ITFlow.org to a version that includes commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings.php, settings+company.php, settings defaults.php, settings integrations.php, settings invoice.php, settings localization.php, settings mail.php components until the update is applied.
Exploit
Fix
XSS
Affected Products
Itflow.Org