CVE-2024-28804

Name of the Vulnerable Software and Affected Versions Italtel i-MCS NFV version 12.1.0-20211215

Description An issue was discovered that allows stored Cross-site scripting (XSS) to occur via POST requests. This means an attacker can inject malicious scripts into the system, which can then be executed by other users, potentially leading to unauthorized actions or data theft.

Recommendations For Italtel i-MCS NFV version 12.1.0-20211215, as a temporary workaround, consider restricting access to the POST endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.