Cross-Site Scripting Vulnerability in LocalServer from Incibe

CVE-2024-10288

What is CVE-2024-10288?

A Cross-Site Scripting (XSS) vulnerability exists in LocalServer 1.0.9, allowing remote users to craft malicious queries targeting authenticated users. Exploiting the vulnerability via the '/mlss/SubscribeToList' endpoint with the 'ListName' parameter could result in session hijacking, enabling the attacker to gain unauthorized access to user session information.

References