PT-2024-38527 · Ocomon · Ocomon

Hydd3N · Published 2024-08-13 · Updated 2024-08-17 · CVE-2024-7709

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

OcoMon versions 4.0RC1 through 5.0RC1

Description

An issue has been found in the URL Handler component, specifically affecting the file /includes/common/require access recovery.php. It leads to cross-site scripting, and the attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For OcoMon versions 4.0RC1 through 4.0, upgrade to version 4.0.1 to address this issue. For OcoMon version 5.0RC1, upgrade to version 5.0 to address this issue. As a temporary workaround, consider restricting access to the /includes/common/require access recovery.php file until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-7709

Affected Products

Ocomon