PT-2024-29434 · Cadclick · Cadclick

Pius Walter · Published 2024-10-04 · Updated 2024-10-07 · CVE-2024-41516

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: CADClick versions up to 1.11.0

Description: A reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" allows remote attackers to inject arbitrary web script or HTML via the bomid parameter. The parameter value is reflected into the HTTP response without adequate output encoding, so a victim who opens an attacker-crafted link has the injected script executed in their browser in the context of the CADClick application. As the CVSS vector records, exploitation needs a low-privileged account (PR:L) and victim interaction (UI:R), typically following a link.

Recommendations: For CADClick versions up to 1.11.0, disable access to the "ccHandler.aspx" page, or block requests that carry the bomid parameter to that endpoint (for example with a web-server request filtering or rewrite rule), until a vendor patch is available. Verify the mitigation by requesting the page with a harmless marker in bomid and confirming that the marker is either rejected or comes back HTML-encoded rather than verbatim.
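The sink the description refers to (a query-string value written straight into HTML) and the check suggested in the recommendations, as an added example in Python. This is not CADClick's code and not the vendor's fix: the two render functions only model the vulnerable and the hardened output pattern, the probe string and the base URL are constructed for the example, and `html.escape` stands in for whatever attribute-encoding routine the real ASP.NET handler should use (HttpUtility.HtmlAttributeEncode or equivalent).

```python
"""Reflected XSS via a query parameter: vulnerable vs. hardened sink,
plus a classifier for how a probe value is reflected in a response body.

Added example; models the pattern described in the advisory, not
CADClick's own code.
"""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed probe: a unique marker followed by characters that must be
# encoded in an HTML attribute context (double quote, angle brackets).
PROBE = 'xss7f3a"><img src=x onerror=alert(1)>'

# Constructed base URL for the example; not a real host.
BASE_URL = "https://example.invalid/ccHandler.aspx"


def probe_url(base: str, probe: str = PROBE) -> str:
    """Build the request URL with the probe URL-encoded in bomid."""
    return f"{base}?{urlencode({'bomid': probe})}"


def _bomid_from(url: str) -> str:
    """Extract the decoded bomid value from a URL (empty if absent)."""
    return parse_qs(urlsplit(url).query).get("bomid", [""])[0]


def render_unencoded(url: str) -> str:
    """Vulnerable pattern: parameter written verbatim into an attribute.

    A '"' in the value closes the attribute and the rest becomes markup.
    """
    return f'<input name="bomid" value="{_bomid_from(url)}">'


def render_encoded(url: str) -> str:
    """Hardened pattern: HTML-encode (including quotes) before output."""
    return f'<input name="bomid" value="{html.escape(_bomid_from(url), quote=True)}">'


def reflection_status(body: str, probe: str = PROBE) -> str:
    """Classify how a probe came back in a response body.

    'unencoded' : probe appears verbatim (exploitable reflection)
    'encoded'   : only the HTML-encoded form appears (safe reflection)
    'absent'    : probe not reflected at all (parameter ignored/blocked)
    """
    if probe in body:
        return "unencoded"
    if html.escape(probe, quote=True) in body:
        return "encoded"
    return "absent"


if __name__ == "__main__":
    url = probe_url(BASE_URL)
    for name, render in (("vulnerable", render_unencoded), ("hardened", render_encoded)):
        body = render(url)
        print(f"{name:10s} -> {reflection_status(body)}: {body}")
```

In practice the response body passed to `reflection_status` would come from an HTTP request to the real endpoint; a verbatim hit means the parameter is still reflected unencoded, while "absent" after applying a blocking rule shows the request no longer reaches the sink. A verbatim hit inside a JavaScript string or a comment is still worth manual confirmation, since the classifier only looks at the raw text, not at the HTML context.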

XSS

Related Identifiers: CVE-2024-41516

Affected Products: Cadclick