MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee dashboards, resulting in unauthorized script execution whenever the dashboard is loaded.
History

Thu, 03 Jul 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Mapos
Mapos map-os
CPEs cpe:2.3:a:mapos:map-os:*:*:*:*:*:*:*:*
Vendors & Products Mapos
Mapos map-os

Fri, 01 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-25T00:00:00

Updated: 2024-11-01T15:28:51.878Z

Reserved: 2024-05-30T00:00:00

Link: CVE-2024-36819

cve-icon Vulnrichment

Updated: 2024-08-02T03:43:49.158Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-25T19:15:11.837

Modified: 2025-07-03T16:28:57.487

Link: CVE-2024-36819

cve-icon Redhat

No data.