CVE-2024-41515

Name of the Vulnerable Software and Affected Versions CADClick versions 1.11.0 and below

Description A reflected cross-site scripting (XSS) vulnerability exists in "ccHandlerResource.ashx" in CADClick, allowing remote attackers to inject arbitrary web script or HTML via the res url parameter.

Recommendations For CADClick versions 1.11.0 and below, consider disabling access to the "ccHandlerResource.ashx" handler until a patch is available. Restrict input to the res url parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.