CVE-2024-36819

MEDIUM

MAP-OS 4.45.0 - XSS

Title source: llm

Description

MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee dashboards, resulting in unauthorized script execution whenever the dashboard is loaded.

References (2)

Core 2

Core References

Patch

https://github.com/RamonSilva20/mapos/commit/3559bae4782162faab94670f503fd35b0f331929

View Patch ZIP pw:eip

Product

https://github.com/RamonSilva20/mapos/tree/master

Scores

CVSS v3 5.4

EPSS 0.0022

EPSS Percentile 44.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

mapos/map-os < 4.45.0

Published Jun 25, 2024

Tracked Since Feb 18, 2026