CVE-2024-37671

Name of the Vulnerable Software and Affected Versions Tessi Docubase Document Management product versions 5.x

Description The issue allows a remote attacker to execute arbitrary code via the page parameter, which is used in a Cross Site Scripting attack. This enables the attacker to inject malicious scripts into the website, potentially leading to unauthorized access or control.

Recommendations For Tessi Docubase Document Management product version 5.x, consider restricting access to the page parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.