Platform: php
Component: bhojon-best-restaurant-management-software
Fixed in: 2.9.1
A cross-site scripting (XSS) vulnerability has been identified in Bdtask Bhojon Best Restaurant Management Software version 2.9. It affects the /dashboard/message component: manipulation of the Title argument leads to cross-site scripting. Successful exploitation could result in malicious script execution within a user's browser, potentially compromising sensitive data. The vulnerability is fixed in version 2.9.1.
This XSS vulnerability allows an attacker to inject arbitrary JavaScript code into the Bhojon Best Restaurant Management Software application. An attacker could leverage this to steal user session cookies, redirect users to malicious websites, or deface the application's interface. The impact is amplified if the application is used to manage sensitive customer data or financial transactions, as an attacker could potentially gain access to this information. The vulnerability's location within the message page suggests that it could be exploited through crafted messages or comments, potentially affecting a wide range of users.
This vulnerability was publicly disclosed on February 22, 2024, and has been assigned identifier VDB-254531. The vendor was contacted but did not respond. The CVSS score is 2.4 (LOW), indicating a relatively low probability of exploitation. However, the public availability of the vulnerability and the ease of exploitation warrant immediate attention. No active exploitation campaigns have been publicly reported at the time of this writing.
Exploit Status
EPSS: 0.13% (33rd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-1749 is to upgrade to Bhojon Best Restaurant Management Software version 2.9.1 or later. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the Title argument within the /dashboard/message endpoint. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Regularly review and update security policies to prevent similar vulnerabilities in the future.
Update to a patched version or apply the necessary security measures to prevent the injection of malicious code through the 'Title' field on the message page. Validating user input on the way in and encoding it for the HTML context on the way out are both essential. If a patched version is not available, consider disabling or removing the vulnerable functionality until a solution is released.
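To make the interim measures above concrete, the following is an added PHP example, written for this page and not taken from Bhojon's code base. It places the unsafe output pattern that produces a stored XSS beside the hardened version, and adds the input-side validation the advisory recommends for the Title field. The function names, the HTML wrapper and the sample title are assumptions constructed for illustration; only the field name "Title" and the /dashboard/message location come from the advisory.

```php
<?php
declare(strict_types=1);

// Added example, not Bhojon's own code. Assumes a hypothetical message page
// that renders a user-supplied Title inside an <h2>; the wrapper markup and
// function names are constructed for illustration.

// Vulnerable pattern: the title is concatenated into HTML unescaped, so any
// markup stored in the Title field is interpreted by the viewer's browser.
function renderTitleVulnerable(string $title): string
{
    return '<h2 class="msg-title">' . $title . '</h2>';
}

// Hardened pattern: encode for the HTML text context at output time.
// ENT_QUOTES also encodes single quotes so the value stays safe inside
// attributes; ENT_SUBSTITUTE avoids returning an empty string on bad UTF-8.
function renderTitleSafe(string $title): string
{
    $escaped = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<h2 class="msg-title">' . $escaped . '</h2>';
}

// Input validation on the way in (defence in depth, not a substitute for
// output encoding): normalise whitespace, enforce a length limit, and reject
// control characters and invalid UTF-8. Returns null when the title is rejected.
function validateTitle(string $raw, int $maxLength = 120): ?string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    $title = trim(preg_replace('/\s+/u', ' ', $raw) ?? '');
    if ($title === '' || mb_strlen($title, 'UTF-8') > $maxLength) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/u', $title) === 1) {
        return null;
    }
    return $title;
}

// Constructed sample input containing markup, as a message author might submit.
$submitted = "  Today's specials <script>alert(1)</script>  ";

$title = validateTitle($submitted);
if ($title === null) {
    echo "Title rejected by validation\n";
    exit(1);
}

// The vulnerable renderer emits the <script> tag verbatim into the page.
echo "Unsafe: " . renderTitleVulnerable($title) . "\n";

// The hardened renderer emits &lt;script&gt;...&lt;/script&gt;, which the
// browser displays as text instead of executing.
echo "Safe:   " . renderTitleSafe($title) . "\n";
```

Run it with `php example.php`. The important design point is that validation alone does not close the hole: a title like the sample above passes every length and character check and is still dangerous if echoed raw, so the encoding in `renderTitleSafe` is the control that actually prevents script execution, and it must be applied wherever the Title is rendered, not only on the message page.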
CVE-2024-1749 is a cross-site scripting (XSS) vulnerability affecting Bhojon Best Restaurant Management Software 2.9, allowing attackers to inject malicious scripts via the /dashboard/message endpoint.
If you are using Bhojon Best Restaurant Management Software version 2.9, you are potentially affected by this vulnerability. Upgrade to version 2.9.1 or later to mitigate the risk.
The recommended fix is to upgrade to Bhojon Best Restaurant Management Software version 2.9.1 or later. Consider input validation as a temporary workaround if upgrading is not immediately possible.
While no active exploitation campaigns have been publicly reported, the vulnerability is publicly disclosed and may be exploited. Prompt patching is recommended.
Refer to the Bhojon Best Restaurant Management Software website or their official communication channels for the latest advisory regarding CVE-2024-1749.