CVE-2024-57278

Name of the Vulnerable Software and Affected Versions QingScan versions <=1.8.0

Description A reflected Cross-Site Scripting (XSS) vulnerability exists in "/webscan/sqlmap/index.html" due to improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input, the script executes in the victim's browser context.

Recommendations For QingScan versions <=1.8.0, as a temporary workaround, consider restricting access to the "/webscan/sqlmap/index.html" endpoint until a patch is available. Additionally, avoid using the vulnerable query parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.