CVE-2024-9571

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.45

Description A Cross-Site Scripting (XSS) issue exists due to the lack of proper validation of user input via the /soplanning/www/process/xajax server.php endpoint, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session. The vulnerability may be exploited by a remote attacker to conduct an XSS attack.

Recommendations For versions prior to 1.45, as a temporary workaround, consider restricting access to the /soplanning/www/process/xajax server.php endpoint until a patch is available. Avoid using vulnerable parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.