CVE-2024-41513

Name of the Vulnerable Software and Affected Versions CADClick versions 1.11.0 and earlier

Description A reflected cross-site scripting (XSS) vulnerability is present in "Artikel.aspx" in CADClick, allowing remote attackers to inject arbitrary web script or HTML via the searchindex parameter. This issue enables attackers to execute malicious scripts on the client-side.

Recommendations For CADClick versions 1.11.0 and earlier, as a temporary workaround, consider restricting access to the "Artikel.aspx" page until a patch is available. Avoid using the searchindex parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.