CVE-2024-28112

Name of the Vulnerable Software and Affected Versions Peering Manager versions prior to 1.8.3

Description Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or Platform. The XSS triggers on a router's detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users.

Recommendations For versions prior to 1.8.3, upgrade to version 1.8.3 to address the issue. As a temporary workaround, consider restricting access to the name attribute of AS or Platform to minimize the risk of exploitation. Avoid using the name attribute in the router's detail page until the issue is resolved.