CVE-2024-6059

Name of the Vulnerable Software and Affected Versions: Ingenico Estate Manager version 2023

Description: A problematic issue has been found in the News Feed component, affecting the processing of the file /emgui/rest/ums/messages. The manipulation of the message argument leads to cross-site scripting. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations: For Ingenico Estate Manager version 2023, as a temporary workaround, consider restricting access to the /emgui/rest/ums/messages file until a patch is available. Avoid using the message argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.