PT-2024-2648 · Egindemirbilek · Northstar C2

Published: 2024-03-11 · Updated: 2024-08-15 · CVE-2024-28741

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions: EginDemirbilek NorthStar C2 version 1

Description: The issue allows a remote attacker to execute arbitrary code via the login.php component due to a Cross-Site Scripting vulnerability. This vulnerability exists because of the lack of protection measures for the web page structure, potentially enabling an attacker to execute commands on NorthStar C2 agents.

Recommendations: For EginDemirbilek NorthStar C2 version 1, as a temporary workaround, consider disabling the login.php component until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-02715
CVE-2024-28741

Affected Products

Northstar C2