CVE-2024-8472

Name of the Vulnerable Software and Affected Versions: Job Portal versions (affected versions not specified)

Description: A Cross-Site Scripting (XSS) vulnerability is present, where user-controlled input is not sufficiently encrypted. This could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in "/jobportal/index.php".

Recommendations: As a temporary workaround, consider restricting access to the "/jobportal/index.php" endpoint until a patch is available. Avoid using user-controlled input in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.