PT-2025-18713 · Sematell · Sematell Replyone

Published 2025-05-01 · Updated 2025-05-03 · CVE-2024-48906

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sematell ReplyOne version 7.4.3.0

Description

The issue allows cross-site scripting (XSS) attacks through a ReplyDesk e-mail attachment name. An attacker could inject malicious scripts into the system by manipulating the name of an attachment in an e-mail, leading to the execution of unwanted actions in the user's browser.

Recommendations

For Sematell ReplyOne version 7.4.3.0, consider validating and sanitizing all user-input data, including e-mail attachment names, to prevent XSS attacks. As a temporary workaround, restrict the ability to upload or send e-mails with attachments until a patch is available.
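
The recommendation above, as an added example (not Sematell's code and not part of the original advisory): a constructed message shows why an attachment name has to be HTML-encoded where it is rendered, because a filter on the raw message does not see the decoded name. It assumes the name arrives as a MIME Content-Disposition parameter and is shown in an HTML page; the message, the function names and the list markup are hypothetical.

```python
import html
from email import message_from_string, policy

# Constructed sample: the attachment name is RFC 2231 percent-encoded, so the
# raw message text contains no angle brackets at all.
RAW = """\
From: customer@example.com
To: support@example.com
Subject: invoice question
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

See attached.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename*=UTF-8''report%3Cimg%20src%3Dx%20onerror%3Dalert%281%29%3E.pdf
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

def raw_has_markup(raw):
    """Naive input filter: looks for angle brackets in the undecoded message."""
    return "<" in raw or ">" in raw

def attachment_names(raw):
    """Return attachment names as the mail parser decodes them."""
    msg = message_from_string(raw, policy=policy.default)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n is not None]

def render_unescaped(names):
    """The vulnerable pattern: the decoded name is concatenated into HTML."""
    return "<ul>" + "".join(f"<li>{n}</li>" for n in names) + "</ul>"

def render_escaped(names):
    """Hardened form: HTML-encode the name at the point of output."""
    items = (f"<li>{html.escape(n, quote=True)}</li>" for n in names)
    return "<ul>" + "".join(items) + "</ul>"

if __name__ == "__main__":
    names = attachment_names(RAW)
    print(raw_has_markup(RAW), names)
    print(render_unescaped(names))
    print(render_escaped(names))
```

Input validation still has value as a second layer, but it has to run on the decoded name returned by the parser, not on the header text as received.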

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-48906

Affected Products: Sematell Replyone