CVE-2024-37619

Name of the Vulnerable Software and Affected Versions StrongShop version 1.0

Description A reflected cross-site scripting (XSS) issue was found, which can be exploited via the spec group id parameter at the "/spec/index.blade.php" API endpoint.

Recommendations For StrongShop version 1.0, avoid using the spec group id parameter in the affected API endpoint until the issue is resolved. Consider temporarily restricting access to the "/spec/index.blade.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.