CVE-2024-13225

Name of the Vulnerable Software and Affected Versions ECT Home Page Products versions 1.9 and earlier

Description The issue arises from the plugin not sanitizing and escaping a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting that could be used against high privilege users, such as administrators.

Recommendations For versions 1.9 and earlier, update to a version that addresses this issue, as the current version does not properly sanitize and escape parameters, leading to potential Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation until a patch is available.