CVE-2024-8750

Name of the Vulnerable Software and Affected Versions: idoit pro version 28

Description: A Cross-site Scripting (XSS) issue allows an attacker to retrieve session details of an authenticated user due to the lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID, treeNode, type, view. This enables the attacker to potentially exploit the session details for malicious purposes.

Recommendations: For idoit pro version 28, consider disabling or restricting access to the parameters id, lang, mNavID, name, pID, treeNode, type, view until a patch is available to prevent the exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.