CVE-2024-5406

Name of the Vulnerable Software and Affected Versions: WinNMP version 19.02

Description: A vulnerability has been discovered that allows for an XSS attack via the index page, specifically in the from, subject, text, and hash parameters. This could enable a remote user to send a specially crafted query to an authenticated user, potentially stealing their session details.

Recommendations: For WinNMP version 19.02, consider restricting access to the index page or disabling the vulnerable parameters from, subject, text, and hash until a patch is available. Additionally, as a temporary workaround, restrict the ability for remote users to send specially crafted queries to authenticated users to minimize the risk of session detail theft. At the moment, there is no information about a newer version that contains a fix for this vulnerability.