CVE-2024-53569: Stored Cross-Site Scripting (XSS) in Volmarg Personal Management System

Updated: April 4th, 2025

Product Name: Volmarg Personal Management System
Vulnerability: Stored Cross-Site Scripting (XSS)
Vulnerable Version: v1.4.65
CVE: CVE-2024-53569

On March 06, 2025, researchers from Astra’s security team discovered a stored cross-site scripting (XSS) vulnerability in the Volmarg Personal Management System v1.4.65. The vulnerability was identified in the “Description” field on the “Add Goal” page, where improper validation of user input allowed attackers to inject malicious scripts.

A stored XSS vulnerability occurs when an application allows user-supplied input to be stored without proper sanitization, making it accessible to other users. This enables attackers to execute arbitrary JavaScript or HTML within the victim’s browser, leading to session hijacking, data theft, and other malicious activities.

Technical Breakdown

How was it discovered?

The vulnerability originates from the lack of input validation in the “Description” field of the “Add Goal” page. Researchers identified that the application fails to sanitize user-supplied content before rendering it back to users.

How to recreate this vulnerability?

  1. Log in to the Demo Web Application.
  2. Navigate to the “List” option under the “Goals” menu from the navigation panel.
  3. Click the “+” button to add a new goal.
  4. Enter an XSS payload into the “Description” field and provide any random value in the “Name” field.
  5. Submit the form by clicking the “SUBMIT” button.
  6. Traverse to the “Dashboard” page and observe that an alert is triggered based on the injected payload.

Impact of Stored XSS Vulnerability

The severity of this vulnerability is classified as Critical due to its potential impact:

  • User Session Hijacking: Attackers can steal session cookies, leading to unauthorized access.
  • Defacement & Data Manipulation: Malicious scripts can alter displayed content or perform actions on behalf of the victim.
  • Credential Theft: Phishing attacks can be executed by injecting deceptive login forms.
  • Persistent Exploitation: The injected scripts remain in the application, affecting multiple users over time.

Current Status

Astra’s security team has responsibly disclosed the issue to the developers of the Volmarg Personal Management System. The vendor has acknowledged the report and is currently working on a security patch to address the vulnerability.

What Can You Do?

Users are advised to apply the patch as soon as it is available. In the meantime, validate and sanitize user input to mitigate the risk.
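
The mitigation above, sketched as an added example (not Volmarg's code and not part of the original advisory): the goal record shape, the 2000-character limit and every function name are assumptions. It shows that write-time validation of type and length still lets markup through, while encoding at render time turns the stored description into inert text.

```javascript
// Added example with hypothetical names; not taken from the Volmarg code base.
const MAX_FIELD_LENGTH = 2000; // assumed limit, for illustration only

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding for an HTML text node or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Write-time validation: type, emptiness, length and control characters.
// It narrows what is stored but does not replace encoding at render time.
function validateGoal(input) {
  const errors = [];
  for (const field of ['name', 'description']) {
    const v = input[field];
    if (typeof v !== 'string' || v.trim() === '') errors.push(`${field}: required string`);
    else if (v.length > MAX_FIELD_LENGTH) errors.push(`${field}: too long`);
    else if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F]/.test(v)) errors.push(`${field}: control characters`);
  }
  return errors;
}

// Vulnerable pattern: stored text is concatenated into markup as-is,
// so tags in the description become part of the dashboard page.
function renderGoalUnsafe(goal) {
  return `<li class="goal"><h4>${goal.name}</h4><p>${goal.description}</p></li>`;
}

// Hardened pattern: every stored field is encoded for its output context.
function renderGoalSafe(goal) {
  return `<li class="goal"><h4>${escapeHtml(goal.name)}</h4><p>${escapeHtml(goal.description)}</p></li>`;
}

// Constructed sample record carrying a harmless alert probe.
const storedGoal = { name: 'Read more', description: '<script>alert(1)</script>' };

console.log(validateGoal(storedGoal));     // validation errors for the record
console.log(renderGoalUnsafe(storedGoal)); // markup built by concatenation
console.log(renderGoalSafe(storedGoal));   // markup built with encoding
```

In a template engine with auto-escaping, the equivalent fix is to leave escaping enabled for the description field instead of marking it as raw or safe output.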