CVE-2024-41572

Name of the Vulnerable Software and Affected Versions Learning with Texts (LWT) version 2.0.3

Description The issue is related to Cross Site Scripting (XSS), where the application fails to filter special characters in URL parameters, allowing remote attackers to inject JavaScript code without authorization. This can lead to the theft of user credentials or the execution of malicious actions, such as injecting scripts or redirecting users to malicious sites.

Recommendations For Learning with Texts (LWT) version 2.0.3, consider disabling the function that handles URL parameters until a patch is available to prevent the injection of malicious JavaScript code. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.