CVE-2024-28803

Name of the Vulnerable Software and Affected Versions: Italtel S.p.A. i-MCS NFV version 12.1.0-20211215

Description: The issue is a cross-site scripting (XSS) vulnerability that allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameters. This can be exploited by attackers to execute malicious scripts on the victim's browser.

Recommendations: For Italtel S.p.A. i-MCS NFV version 12.1.0-20211215, consider restricting access to HTTP/POST parameters to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.