Platform
php
Component
ereserv
Fixed in
7.7.59
A cross-site scripting (XSS) vulnerability has been identified in Cogites eReserv versions 7.7.58–7.7.58. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. The vulnerability resides within the /front/admin/tenancyDetail.php file and is triggered by manipulating the 'id' argument. A patch is available in version 7.7.59.
Successful exploitation of CVE-2024-1030 enables an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including stealing session cookies, redirecting users to phishing sites, or defacing the application's interface. The impact is amplified if the application handles sensitive data or is integrated with other systems. While the CVSS score is LOW, the potential for user compromise and data theft remains a significant concern, especially in environments with privileged user accounts.
This vulnerability was publicly disclosed on January 30, 2024. No known public exploits or active campaigns targeting CVE-2024-1030 have been reported at the time of writing. The vulnerability is listed in the VirusDataBase (VDB) with identifier VDB-252303. The LOW CVSS score suggests a relatively low probability of exploitation, but diligent monitoring and patching are still recommended.
Exploit Status
EPSS
0.09% (25th percentile)
CVSS Vector
The primary mitigation for CVE-2024-1030 is to upgrade Cogites eReserv to version 7.7.59 or later, which contains the fix. If immediate upgrading is not possible, consider implementing input validation and output encoding on the 'id' parameter within the /front/admin/tenancyDetail.php file to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide an additional layer of protection. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple script through the 'id' parameter and verifying that it is not executed.
Update to a patched version of eReserv that resolves the XSS vulnerability. If upgrading is not possible right away, review and filter the inputs of the 'id' parameter in the tenancyDetail.php file to prevent the injection of malicious code. Implement input validation and output sanitization to prevent future XSS attacks.
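The remediation described above, strictly validating the 'id' value and encoding anything that is reflected into the page, shown as an added PHP example. This is not eReserv's code: the function names (renderTenancyDetailUnsafe, renderTenancyDetail, findTenancy, selfCheck), the in-memory tenancy lookup and its sample row are constructed for this illustration, and the "unsafe" handler is the generic reflected-XSS shape, not the actual tenancyDetail.php source. The example assumes PHP 8 (for str_contains).

```php
<?php
// Added illustration, not eReserv's code: the reflected-XSS pattern the advisory
// describes for a parameter like 'id', next to a hardened handler for it.
// All function names and data below are assumptions made for this example.

declare(strict_types=1);

/** Constructed stand-in for a database lookup; a real handler would query by id. */
function findTenancy(int $id): ?array
{
    $constructedRows = [
        42 => ['id' => 42, 'tenant' => 'Example Tenant <Ltd> & "Co"'],
    ];
    return $constructedRows[$id] ?? null;
}

/** Encode a value for an HTML text node or attribute value (double-quoted). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * The vulnerable shape: the raw query value is echoed back into HTML unchanged,
 * so whatever the client sends in 'id' becomes markup in the response.
 */
function renderTenancyDetailUnsafe(array $query): string
{
    $id = $query['id'] ?? '';
    return '<h1>Tenancy ' . $id . '</h1>';
}

/**
 * Hardened shape:
 *  1. validate: 'id' must be a positive integer, otherwise the request is rejected
 *     with a static message (the rejected value is never reflected);
 *  2. encode: every value placed into HTML, including data read back from storage,
 *     goes through htmlspecialchars with ENT_QUOTES and an explicit UTF-8 charset.
 * Returns ['status' => int, 'body' => string] so the result can be checked offline.
 */
function renderTenancyDetail(array $query): array
{
    $id = filter_var($query['id'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if (!is_int($id)) {
        return ['status' => 400, 'body' => '<p>Invalid tenancy id.</p>'];
    }

    $row = findTenancy($id);
    if ($row === null) {
        return ['status' => 404, 'body' => '<p>Tenancy ' . e((string) $id) . ' not found.</p>'];
    }

    $body = '<h1>Tenancy ' . e((string) $row['id']) . '</h1>'
          . '<p>Tenant: ' . e($row['tenant']) . '</p>'
          . '<a href="/front/admin/tenancyDetail.php?id=' . e((string) $row['id']) . '">permalink</a>';
    return ['status' => 200, 'body' => $body];
}

/**
 * The post-upgrade check the advisory recommends, performed offline against the
 * handler: pass a constructed script probe through 'id' and confirm it never
 * reaches the response as markup. Returns true when the hardened handler holds.
 */
function selfCheck(): bool
{
    $probe  = '<script>alert(1)</script>';          // constructed probe string
    $unsafe = renderTenancyDetailUnsafe(['id' => $probe]);
    $safe   = renderTenancyDetail(['id' => $probe]);

    $unsafeReflects = str_contains($unsafe, $probe);        // true: the bug is present
    $safeReflects   = str_contains($safe['body'], $probe);  // must be false
    return $unsafeReflects && !$safeReflects && $safe['status'] === 400;
}

if (PHP_SAPI === 'cli') {
    var_dump(selfCheck());
    echo renderTenancyDetail(['id' => '42'])['body'], PHP_EOL;
}
```

Run it with `php example.php`. The important design point is that validation and encoding are applied independently: rejecting non-integer ids closes the reflection path for 'id', while encoding at output time protects against values that arrive by another route (stored data, a future parameter), so neither control is relied on alone.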
CVE-2024-1030 is a cross-site scripting (XSS) vulnerability affecting Cogites eReserv versions 7.7.58–7.7.58, allowing attackers to inject malicious scripts.
You are affected if you are running Cogites eReserv version 7.7.58. Upgrade to 7.7.59 to mitigate the risk.
Upgrade Cogites eReserv to version 7.7.59 or later. Implement input validation and output encoding as a temporary workaround.
No active exploitation campaigns targeting CVE-2024-1030 have been reported, but vigilance is still advised.
Refer to the Cogites security advisory for detailed information and updates regarding CVE-2024-1030.