CVE-2024-49220

Name of the Vulnerable Software and Affected Versions Cookie Scanner versions 1.1 and earlier

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS in Cookie Scanner. This means an attacker can perform unintended actions on a user's account without their knowledge or consent, and also inject malicious scripts into the application.

Recommendations For versions 1.1 and earlier, as a temporary workaround, consider disabling the Cookie Scanner until a patch is available. Restrict access to the Cookie Scanner module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.