Cross-Site Scripting Vulnerability in AyeCode GeoDirectory
CVE-2024-50437
5.4MEDIUM
What is CVE-2024-50437?
AyeCode GeoDirectory is susceptible to a Cross-Site Scripting (XSS) vulnerability stemming from improper input neutralization during web page generation. This flaw permits attackers to inject arbitrary scripts into the web pages viewed by users, effectively leading to stored XSS attacks. Consequently, an attacker can exploit this vulnerability to execute malicious scripts on user devices, potentially compromising user data, session cookies, or redirecting users to malicious sites. Affected versions include GeoDirectory from n/a through 2.3.80.
Affected Version(s)
GeoDirectory 0 <= 2.3.80