PT-2024-33663 · Frappe+1 · Press
Syed-Ali-Abbas · Published 2024-10-23 · Updated 2024-10-25
CVE-2024-49751
CVSS v4.0: 1.2 (Low)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
Name of the Vulnerable Software and Affected Versions:
Press versions prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd
Description:
The issue allows a user to inject HTML through SaaS signup inputs, which could affect the user themselves but not other users.
Recommendations:
Update Press to a version that includes the patch commit 5d118a902872d7941f099ad1fb918e2421e79ccd. As a temporary workaround until the patch is applied, validate and sanitize user input in SaaS signup fields to prevent HTML injection.
Exploit
Fix
XSS
Affected Products
Press