CVE-2024-4336

Name of the Vulnerable Software and Affected Versions Adive Framework version 2.0.8

Description The issue is related to insufficient encoding of user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the "/adive/admin/tables/add" endpoint, affecting multiple parameters. An attacker could potentially retrieve the session details of an authenticated user.

Recommendations For Adive Framework version 2.0.8, consider disabling access to the "/adive/admin/tables/add" endpoint until a proper fix is available, and ensure that all user-controlled inputs are properly encoded to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.