CVE-2024-4310

Name of the Vulnerable Software and Affected Versions HubBank version 1.0.2

Description The issue is a Cross-site Scripting (XSS) vulnerability that allows an attacker to send a specially crafted JavaScript payload to registration and profile forms. This payload can be triggered when any authenticated user loads the page, resulting in a session takeover.

Recommendations For version 1.0.2, consider disabling the registration and profile forms temporarily until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to these forms to minimize the risk of session takeover. Avoid using the vulnerable forms in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.