PT-2024-31067 · Cemipark · Cemipark

Dariusz Gońda +1 · Published 2024-05-09 · Updated 2024-05-14 · CVE-2024-4424

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

CemiPark software versions 4.5, 4.7, 5.03

Description

The access control in CemiPark software does not properly validate user-entered data, allowing a stored cross-site scripting (XSS) attack. The parameters used to enter data into the system lack appropriate validation, making it possible to smuggle in HTML/JavaScript code, which will be executed in the user's browser space.

Recommendations

For version 4.5, update the input validation mechanism to properly check user-entered data. For version 4.7, implement robust validation for all parameters to prevent XSS attacks. For version 5.03, ensure that all user input is sanitized and validated to prevent code injection. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-4424

Affected Products: Cemipark