CVE-2024-29318

Name of the Vulnerable Software and Affected Versions Volmarg Personal Management System version 1.4.64

Description The issue concerns stored cross site scripting (XSS) via the upload of an SVG file that contains embedded JavaScript code. This allows for the potential execution of malicious scripts when the uploaded file is accessed.

Recommendations For Volmarg Personal Management System version 1.4.64, consider disabling the upload of SVG files or restricting the execution of JavaScript code within uploaded files until a patch is available. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.