CVE-2024-3654

Name of the Vulnerable Software and Affected Versions Teixo version 1.42.42-stable

Description A cross-site scripting (XSS) issue has been identified, which could allow an attacker to send a specially crafted JavaScript payload via the seconds parameter in the program's URL. This could result in a possible takeover of a registered user's session.

Recommendations For version 1.42.42-stable, consider restricting access to the seconds parameter in the URL to minimize the risk of exploitation. Avoid using the seconds parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.