CVE-2024-26472

Name of the Vulnerable Software and Affected Versions KLiK SocialMediaWebsite version 1.0.1

Description A reflected cross-site scripting (XSS) vulnerability may allow remote attackers to execute arbitrary JavaScript in the web browser of a user. This can be achieved by including a malicious payload into the selector or validator parameters of the "create-new-pwd.php" endpoint.

Recommendations For KLiK SocialMediaWebsite version 1.0.1, consider disabling the create-new-pwd.php endpoint until a patch is available. Restrict access to the selector and validator parameters to minimize the risk of exploitation. Avoid using these parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.