PT-2024-27770 · Vermeg · Vermeg Agilereporter

Crashpark · Published 2024-06-17 · Updated 2024-08-21

CVE-2024-37828

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Vermeg Agile Reporter version 23.2.1

Description

The issue is a stored cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module. This enables attackers to potentially manipulate the web application's behavior or steal user data.

Recommendations

For Vermeg Agile Reporter version 23.2.1, consider disabling the Set Broadcast Message module or restricting access to it until a patch is available, to prevent exploitation of the stored XSS issue. Additionally, avoid using the Message field in the Set Broadcast Message module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-37828

Affected Products

Vermeg Agilereporter