CVE-2024-6183

Name of the Vulnerable Software and Affected Versions: EZ-Suite EZ-Partner version 5

Description: A vulnerability has been found in the Forgot Password Handler component, leading to basic cross site scripting. The manipulation can be launched remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations: For EZ-Suite EZ-Partner version 5, consider disabling the Forgot Password Handler component until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.