Vulnerability

CVE-2024-53568:Stored Cross-Site Scripting (XSS) Vulnerability in Volmarg Personal Management System

Author
Updated: March 19th, 2025
2 mins read
Stored XSS Volmarg-Feature

Product Name: Volmarg Personal Management System
Vulnerability: Stored Cross-Site Scripting (XSS)
Vulnerable Version: v1.4.65
CVE: CVE-2024-53568

The researchers from Astra’s security team, on March 06, 2025, discovered a stored cross-site scripting (XSS) vulnerability in Volmarg Personal Management System v1.4.65. The issue was identified in the “Tags” field on the “Image Upload” page, where improper user input validation allowed attackers to execute arbitrary scripts.

A stored XSS vulnerability occurs when an application stores malicious user input without proper sanitization, making it accessible to other users and potentially leading to session hijacking or data theft.

Technical Breakdown

How Was It Discovered?

Astra’s security researchers identified this vulnerability while analyzing user input handling on the “Image Upload” page. The “Tags” field allowed unrestricted input, which was later reflected on the “Main Folder” page without proper encoding or sanitization. This flaw enabled JavaScript execution in the victim’s browser, leading to a successful XSS attack.

How To Recreate This Vulnerability?

  1. Login to the Demo Web Application.
  2. Navigate to the “Upload” option in the left-hand navigation panel and select “Add.”
  3. Click on the “Folder” button to open the file selection dialog.
  4. Choose a random image file and click “Open.”
  5. Enter an XSS payload into the “Tags” field and click “UPLOAD.”
  6. Navigate to the “Main Folder” page listed under the “Images” drop-down and observe that the injected payload is executed, triggering an alert.

Impact of the Stored XSS Vulnerability

The severity of this vulnerability is critical, as it can be exploited to:

  • Compromise User Sessions: Attackers can steal session cookies, leading to session hijacking and unauthorized access.
  • Execute Malicious Scripts: Arbitrary JavaScript can be injected and executed in the context of other users’ sessions.
  • Deface the Application: Attackers can modify page content, misleading users and damaging the system’s integrity.
  • Phishing Attacks: Users can be tricked into providing sensitive information through fake forms injected via XSS.

Current Status

The vulnerability was discovered in the “Tags” field on the “Image Upload” page of Volmarg Personal Management System v1.4.65. The issue has been reported to the developers, and remediation steps are advised to mitigate the risk.

What Can You Do?

To avoid potential exploitation, users are strongly advised to update Volamarg PMS to the latest version, which includes essential security patches.

Hand-picked articles for you

stored-xss-volmarg-2
Vulnerability

CVE-2024-53569:Stored Cross-Site Scripting (XSS) in Volmarg Personal Management System

Prateek Kuber
April 4th, 2025
stored-xss-backdrop
Vulnerability

CVE-2025-25062:Stored Cross-Site Scripting (XSS) in Backdrop CMS v1.28.2

Prateek Kuber
April 4th, 2025
Content Spoofing RosarioSIS
Vulnerability

Content Spoofing Vulnerability in RosarioSIS Student Information System

Prateek Kuber
March 19th, 2025

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Psst! Hi there. We're Astra.

We make security simple and hassle-free for thousands of businesses worldwide.

Our security products include a vulnerability scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

Speak to Sales Get a Pentest
earth

Made with ❤️ in USA  India

Copyright © 2025 ASTRA IT, Inc. All Rights Reserved.

Privacy Policy Terms of Service Report a Vulnerability