PT-2024-34372 · Unopim · Unopim

Yamerooo123 · Published 2024-11-06 · Updated 2025-06-24 · CVE-2024-50637

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions: UnoPim versions 0.1.3 and below
Description: A cross-site scripting (XSS) issue in the Create User function allows attackers to perform XSS via an SVG document, which can be used to steal cookies. The vulnerability is exploited through the Create User feature, where an attacker uses a file with an SVG extension to carry out the attack.
Recommendations: For versions 0.1.3 and below, consider disabling the Create User function until a patch is available to prevent exploitation. Restrict access to the Create User feature to minimize the risk of XSS attacks. Avoid using the Create User function with SVG file extensions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-50637
GHSA-HV6M-QJ65-26Q3

Affected Products

Unopim