PT-2024-27168 · Mapos · Mapos
Pr3D4Dor · Published 2024-06-25 · Updated 2025-07-03 · CVE-2024-36819
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MAP-OS versions 4.45.0 and earlier
Description
The issue allows malicious users to insert a malicious payload into the Client Name input, resulting in unauthorized script execution on the administrator and employee dashboards when a service order from this client is created.
Recommendations
For MAP-OS versions 4.45.0 and earlier, consider restricting the input for the Client Name field to prevent malicious payload insertion until a fix is available.
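One way to apply the Client Name restriction recommended above, shown as an added PHP sketch that is not MAP-OS code or its fix. The function names, the 100-character limit and the allowed character set are assumptions, the sample inputs are constructed, and the mbstring extension is assumed to be loaded; output encoding is included because records stored before the restriction existed still reach the dashboards.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not MAP-OS functions.
const CLIENT_NAME_MAX = 100; // assumed length limit

// Returns the normalized name, or null when the input must be rejected.
function normalize_client_name(string $raw): ?string
{
    // Reject byte sequences that are not valid UTF-8.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Collapse runs of whitespace (tabs and newlines included) to one space.
    $name = trim(preg_replace('/\s+/u', ' ', $raw) ?? '');
    if ($name === '' || mb_strlen($name, 'UTF-8') > CLIENT_NAME_MAX) {
        return null;
    }
    // Allowlist: letters, combining marks, digits, space and . , ' & -
    // Angle brackets, double quotes, slashes and "=" never match.
    if (preg_match('/^[\p{L}\p{M}\p{N} .,\'&-]+$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Encode at render time as well: names saved before validation was added
// are still in the database, and "&" and "'" are allowed by the allowlist.
function render_client_name(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'Maria da Silva',
    "O'Brien & Sons Ltd.",
    'Acme "HQ"',
    '<script>alert(1)</script>',
];

foreach ($samples as $raw) {
    $status = normalize_client_name($raw) === null ? 'rejected' : 'accepted';
    // The second column is what a dashboard template would emit for the raw value.
    printf("%-8s | %s\n", $status, render_client_name($raw));
}
```

The validator belongs on the server-side handler that saves the client record, and the encoder in every view that prints the name, including the service order screens named in the description.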
As a temporary workaround, limit access to the administrator and employee dashboards to minimize the risk of exploitation.
Fix
XSS
Affected Products
Mapos