CVE-2024-6920

Name of the Vulnerable Software and Affected Versions NACPremium versions through 01082024

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include the fact that it is a Stored XSS vulnerability, which means that an attacker can inject malicious code into a website, and this code will be stored on the server. When other users access the website, the malicious code will be executed.

Recommendations For versions through 01082024, upgrade to a supported version as soon as possible if available. As a temporary workaround, consider monitoring for signs of exploit and applying any available patches. Restrict access to vulnerable components to minimize the risk of exploitation.