CVE-2024-12595

Name of the Vulnerable Software and Affected Versions AHAthat Plugin versions 1.6 and prior

Description The issue is related to Reflected Cross-Site Scripting in old web browsers due to the failure to escape the $ SERVER['REQUEST URI'] parameter before outputting it back in an attribute. This could lead to reflected XSS attacks via unsanitized input.

Recommendations For versions 1.6 and prior, as a temporary workaround, consider disabling the use of the $ SERVER['REQUEST URI'] parameter in attributes until a patch is available. Restrict access to potentially vulnerable attributes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.