CVE-2024-4026 Information

Description

Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the ‘General’ and ‘Team ID’ functionalities which could result in a session takeover.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-holded-application