CVE-2024-50556

Name of the Vulnerable Software and Affected Versions: WM Zoom versions n/a through 1.0

Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a DOM-Based XSS vulnerability. This means that the vulnerability occurs when user input is not properly sanitized, allowing an attacker to inject malicious code into the webpage, which can then be executed by the user's browser.

Recommendations: For versions n/a through 1.0, consider disabling any functionality that allows user input to be directly reflected in the webpage's DOM until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using user-supplied input in the generation of web pages to prevent the injection of malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.