Cross-Site Scripting Vulnerability in Monaco ImmoToolBox Connect
CVE-2024-54335
7.1HIGH
What is CVE-2024-54335?
The vulnerability in ZebraSoft's ImmoToolBox Connect arises from improper neutralization of input during the web page generation process, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into web pages viewed by users, which could lead to unauthorized access to sensitive information and compromise site integrity. Affected versions include those prior to 1.3.3. Implementing input validation and employing Content Security Policy (CSP) can help mitigate the risks associated with this issue.
Affected Version(s)
ImmoToolBox Connect <= 1.3.3