CVE-2024-42789

Name of the Vulnerable Software and Affected Versions Kashipara Music Management System version 1.0

Description A Reflected Cross Site Scripting (XSS) issue was found in the "/music/controller.php?page=test" endpoint, allowing remote attackers to execute arbitrary code via the page parameter. This issue enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions.

Recommendations For Kashipara Music Management System version 1.0, as a temporary workaround, consider restricting access to the "/music/controller.php?page=test" endpoint until a patch is available. Avoid using the page parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.