CVE-2024-51328

Name of the Vulnerable Software and Affected Versions Travel Management System version 1.0

Description The issue allows a remote attacker to inject arbitrary code via the t2 parameter in the addcategory.php file. This enables the attacker to execute malicious scripts on the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations For Travel Management System version 1.0, consider disabling access to the addcategory.php file or restricting the use of the t2 parameter until a patch is available. As a temporary workaround, avoid using the t2 parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.