CVE-2024-34335

Name of the Vulnerable Software and Affected Versions ORDAT FOSS-Online versions prior to 2.24.01

Description A reflected cross-site scripting (XSS) vulnerability was discovered in the login page of ORDAT FOSS-Online. This issue allows for the execution of malicious scripts, potentially leading to unauthorized access or data theft. The vulnerability is exploited via the login page, but specific details about API endpoints, vulnerable parameters, or function names are not provided.

Recommendations For versions prior to 2.24.01, update to version 2.24.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the login page until the update can be applied. Avoid using the login functionality in a way that could potentially exploit the reflected XSS vulnerability until the issue is resolved.