CVE-2024-4993

Name of the Vulnerable Software and Affected Versions: SiAdmin version 1.1

Description: The issue allows a remote attacker to send a specially crafted URL to an authenticated user, potentially stealing their cookie session credentials via XSS. This is achieved through the "/show.php" query parameter.

Recommendations: For SiAdmin version 1.1, consider disabling access to the "/show.php" endpoint until a patch is available to prevent potential XSS attacks. Restricting user access to authenticated sessions can also help minimize the risk of exploitation.