PT-2024-36018 · Winnmp · Winnmp
Rafael Pedrero · Published 2024-05-27 · Updated 2024-05-28 · CVE-2024-5405
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
WinNMP version 19.02
Description:
A vulnerability has been discovered that allows for an XSS attack via the /tools/redis.php page, specifically in the k, hash, key, and p parameters. This could enable a remote user to submit a specially crafted JavaScript payload, allowing them to retrieve an authenticated user's session details.
Recommendations:
For WinNMP version 19.02, consider disabling access to the /tools/redis.php page until a patch is available. Additionally, restrict the use of the k, hash, key, and p parameters in this page to minimize the risk of exploitation.
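To check whether the page has already been probed, the following added example (not part of the advisory or of WinNMP) scans web server access logs for requests to /tools/redis.php whose k, hash, key, or p values decode to HTML metacharacters. The combined log format, the function names, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

VULN_PATH = "/tools/redis.php"           # page named in the advisory
VULN_PARAMS = {"k", "hash", "key", "p"}  # parameters named in the advisory
# Characters that let a reflected value break out of HTML text or an attribute.
HTML_META = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Names of advisory parameters whose decoded value holds HTML metacharacters."""
    parts = urlsplit(target)
    # Windows file names are case-insensitive, so compare the path in lower case.
    if parts.path.lower() != VULN_PATH:
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding (%253C).
        if name in VULN_PARAMS and HTML_META.search(unquote_plus(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return [(line_number, [parameter names])] for matching log lines."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation IP range, invented values).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/May/2024:10:00:01 +0000] "GET /tools/redis.php?k=session%3Aabc HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/May/2024:10:00:05 +0000] "GET /tools/redis.php?hash=%22%3E%3Cscript%3E1%3C%2Fscript%3E&p=2 HTTP/1.1" 200 640',
    '203.0.113.9 - - [27/May/2024:10:01:00 +0000] "GET /Tools/Redis.php?key=%253Cb%253E HTTP/1.1" 200 600',
    '203.0.113.9 - - [27/May/2024:10:01:30 +0000] "GET /index.php?k=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious value in {', '.join(hits)}")
```

Access logs record only the query string, so values sent in a POST body are not visible to this check.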
Affected Products
Winnmp