CVE-2026-24415

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions prior to 2.9.9

Description OpenSTAManager is a management software for technical assistance and invoicing. The application does not properly sanitize user-supplied input from the righe GET parameter before reflecting it in HTML output. Specifically, the $ GET['righe'] parameter is directly echoed into the HTML value attribute without sanitization, potentially allowing an attacker to inject arbitrary HTML or JavaScript. This is a Reflected Cross-Site Scripting (XSS) issue.

Recommendations Versions prior to 2.9.9 should be updated.