CVE-2024-46655

Name of the Vulnerable Software and Affected Versions Ellevo version 6.2.0.38160

Description A reflected cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. This issue enables attackers to execute any code in a user's browser.

Recommendations For Ellevo version 6.2.0.38160, as a temporary workaround, consider restricting access to potentially vulnerable API endpoints or URLs that could be used to deliver a crafted payload until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.