CVE-2024-26471

Name of the Vulnerable Software and Affected Versions zhimengzhe iBarn version 1.5

Description A reflected cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in "offer.php". This issue enables attackers to execute malicious scripts in the context of the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations For zhimengzhe iBarn version 1.5, consider disabling the search functionality in offer.php until a patch is available to prevent exploitation of the reflected XSS vulnerability. Restrict access to the offer.php page to minimize the risk of exploitation. Avoid using the search parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.