CVE-2024-4337

Name of the Vulnerable Software and Affected Versions Adive Framework version 2.0.8

Description The issue is related to insufficient encoding of user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the "/adive/admin/nav/add" API endpoint, affecting multiple parameters, and allows an attacker to retrieve the session details of an authenticated user.

Recommendations For Adive Framework version 2.0.8, consider disabling access to the "/adive/admin/nav/add" API endpoint until a patch is available. Additionally, restrict the use of multiple parameters in this endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using this endpoint with user-controlled inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.