PT-2024-21421 · Codiad · Codiad

Hebing123 · Published 2024-03-21 · Updated 2025-05-28 · CVE-2024-26557

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Codiad version 2.8.4

Description

The issue allows reflected XSS via the type parameter in the "components/market/dialog.php" endpoint. This can lead to remote execution. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations

For Codiad version 2.8.4, sanitize inputs to prevent XSS attacks and patch as soon as possible to mitigate the risk of remote execution. As a temporary workaround, consider restricting access to the "components/market/dialog.php" endpoint or sanitizing the type parameter to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-26557

Affected Products: Codiad