CVE-2024-4657

Name of the Vulnerable Software and Affected Versions Talent Software BAP Automation versions before 30840

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, enabling attackers to execute malicious scripts. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include the general concept of Stored XSS, where an attacker injects malicious code into a website, which is then stored on the server and executed when other users access the site. However, specific API endpoints, vulnerable parameters, or function names are not mentioned.

Recommendations For Talent Software BAP Automation versions before 30840, upgrade the affected component immediately to mitigate the risk of remote attack. As a temporary workaround, consider restricting access to the component until the issue is resolved.