CVE-2024-50623 Information

Description

In Cleo Harmony before 5.8.0.20 VLTrader before 5.8.0.20 and LexiCom before 5.8.0.20 there is a JavaScript Injection vulnerability: unrestricted file upload and download could lead to remote code execution.

Reference

https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory