CVE-2024-41514

Name of the Vulnerable Software and Affected Versions CADClick versions 1.11.0 and earlier

Description A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" allows remote attackers to inject arbitrary web script or HTML via the wer parameter. This flaw lets remote attackers inject malicious code.

Recommendations For CADClick versions 1.11.0 and earlier, as a temporary workaround, consider restricting access to the "PrevPgGroup.aspx" page until a patch is available. Avoid using the wer parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.