CVE-2024-48534

Name of the Vulnerable Software and Affected Versions eSoft Planner version 3.24.08271-USA

Description A reflected cross-site scripting (XSS) issue in the Camp Details module allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload. This enables the execution of malicious scripts, potentially leading to unauthorized actions or data exposure.

Recommendations For eSoft Planner version 3.24.08271-USA, consider disabling access to the Camp Details module until a patch is available to prevent potential exploitation. Restricting user input in this module can also help minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.