CVE-2024-8471

Name of the Vulnerable Software and Affected Versions Job Portal versions (affected versions not specified)

Description A Cross-Site Scripting (XSS) issue exists due to insufficient encryption of user-controlled input. This could allow an attacker to retrieve the session details of an authenticated user through the JOBID and USERNAME parameters in the "/jobportal/process.php" API endpoint.

Recommendations As a temporary workaround, consider restricting access to the "/jobportal/process.php" endpoint until a patch is available. Avoid using the JOBID and USERNAME parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.