CVE-2024-41371

Name of the Vulnerable Software and Affected Versions Organizr version 1.90

Description The issue is related to Cross Site Scripting (XSS) via the "api.php" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users' sessions.

Recommendations For Organizr version 1.90, as a temporary workaround, consider disabling access to the "api.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.