CVE-2024-37472

Name of the Vulnerable Software and Affected Versions Woffice versions through 5.4.8

Description The issue is a Cross Site Scripting (XSS) vulnerability, specifically a Reflected XSS, in WofficeIO Woffice. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control.

Recommendations For versions through 5.4.8, consider disabling any features that may be susceptible to Reflected XSS attacks until a patch is available. Restrict access to potentially vulnerable modules or functions to minimize the risk of exploitation. Avoid using any parameters or variables that could be used to inject malicious scripts in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.