CVE-2024-2997

Name of the Vulnerable Software and Affected Versions Bdtask Multi-Store Inventory Management System versions up to 20240320

Description A vulnerability was found in the system, affecting an unknown functionality. The manipulation of the Category Name, Model Name, Brand Name, or Unit Name argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 20240320, as a temporary workaround, consider restricting the use of the Category Name, Model Name, Brand Name, and Unit Name arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.