MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee dashboards, resulting in unauthorized script execution whenever the dashboard is loaded.
Metrics
Affected Vendors & Products
References
History
Thu, 03 Jul 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mapos
Mapos map-os |
|
CPEs | cpe:2.3:a:mapos:map-os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mapos
Mapos map-os |
Fri, 01 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: mitre
Published: 2024-06-25T00:00:00
Updated: 2024-11-01T15:28:51.878Z
Reserved: 2024-05-30T00:00:00
Link: CVE-2024-36819

Updated: 2024-08-02T03:43:49.158Z

Status : Analyzed
Published: 2024-06-25T19:15:11.837
Modified: 2025-07-03T16:28:57.487
Link: CVE-2024-36819

No data.