PT-2024-30198 · Syspass · Syspass

Nuxsmin · Published 2024-09-03 · Updated 2024-09-12 · CVE-2024-42904

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SysPass versions 3.2.x
Description: A cross-site scripting (XSS) issue allows attackers to inject arbitrary web scripts or HTML by supplying a crafted payload in the name parameter of the "/Controllers/ClientController.php" endpoint. When a victim user views the injected content (the vector requires user interaction, UI:R), the script runs in that user's browser session with the application's origin, which can expose or modify data reachable from that session (C:L/I:L). The impact is client-side script execution, not code execution on the server.
Recommendations: For SysPass version 3.2.x, update as soon as possible. Until the update is applied, validate the name parameter server-side and apply contextual output encoding wherever client names are rendered, and consider temporarily restricting access to ClientController.php.
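The pattern behind this class of bug, as an added illustration in PHP: a request parameter is concatenated into HTML as-is, beside the hardened form that encodes at the output sink. This is example code, not sysPass code and not taken from the advisory; the function names, the markup, and the payload are assumptions constructed for the example, and only the vulnerability class (XSS via the name parameter) comes from the page.

```php
<?php
// Added illustration, not sysPass code. Function names, markup and the
// payload are assumptions; only the bug class (XSS via `name`) is from
// the advisory.

declare(strict_types=1);

// Vulnerable pattern: the client name is written into the page unencoded,
// so markup in the parameter becomes markup in the victim's browser.
function renderClientNameUnsafe(string $name): string
{
    return '<td class="client-name">' . $name . '</td>';
}

// Hardened pattern: contextual output encoding for HTML body text.
// ENT_QUOTES also encodes ' and ", so the same helper is safe inside
// quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead
// of returning an empty string, which would otherwise hide a failure.
function renderClientNameSafe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<td class="client-name">' . $encoded . '</td>';
}

// Optional defence in depth at the input side: reject names that cannot
// plausibly be a client name. This is a second layer, not a substitute
// for encoding at the sink, because the same value may reach other sinks.
function isPlausibleClientName(string $name): bool
{
    return $name !== ''
        && mb_strlen($name, 'UTF-8') <= 100
        && preg_match('/^[\p{L}\p{N} .,&\'()\-]+$/u', $name) === 1;
}

// Constructed payload of the kind the advisory describes.
$payload = '<img src=x onerror="alert(document.cookie)">';

// Simulate the request parameter as it would arrive in $_REQUEST['name'].
$name = $payload;

echo renderClientNameUnsafe($name), PHP_EOL;
echo renderClientNameSafe($name), PHP_EOL;
echo isPlausibleClientName($name) ? 'accepted' : 'rejected', PHP_EOL;
```

htmlspecialchars() is correct for the HTML body and for quoted attribute values; if the client name is also written into a JavaScript string, a URL, or CSS, those sinks need their own encoders. Allow-list validation as above is a useful second layer but should not be relied on alone, since a name that passes the check may still be dangerous in a sink the validation never anticipated.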

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2024-42904

Affected Products: Syspass