CVE-2024-27627

Name of the Vulnerable Software and Affected Versions SuperCali version 1.1.0

Description A reflected cross-site scripting (XSS) issue exists, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the "bad password.php" page. This could potentially affect a significant number of devices worldwide, although the exact number is not specified.

Recommendations For SuperCali version 1.1.0, consider disabling access to the "bad password.php" page or restricting the use of the email parameter until a patch is available. As a temporary workaround, avoid using the email parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.