{"id":38170,"date":"2025-03-19T03:52:16","date_gmt":"2025-03-18T22:22:16","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=38170"},"modified":"2025-03-19T03:52:19","modified_gmt":"2025-03-18T22:22:19","slug":"cve-2024-53568stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-system","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/vulnerability\/cve-2024-53568stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-system\/","title":{"rendered":"CVE-2024-53568:Stored Cross-Site Scripting (XSS) Vulnerability in Volmarg Personal Management System"},"content":{"rendered":"
\n\n

Product Name:<\/strong>\u00a0Volmarg Personal Management System
Vulnerability:<\/strong>\u00a0Stored Cross-Site Scripting (XSS)
Vulnerable Version:\u00a0<\/strong>v1.4.65
CVE:<\/strong>\u00a0CVE-2024-53568<\/p>\n\n<\/div>\n\n\n

The researchers from Astra\u2019s security team, on March 06, 2025, discovered a stored cross-site scripting (XSS) vulnerability in Volmarg Personal Management System v1.4.65. The issue was identified in the “Tags” field on the “Image Upload” page, where improper user input validation allowed attackers to execute arbitrary scripts.<\/p>\n\n\n\n

A stored XSS vulnerability occurs when an application stores malicious user input without proper sanitization, making it accessible to other users and potentially leading to session hijacking or data theft.<\/p>\n\n\n\n

Technical Breakdown<\/strong><\/h3>\n\n\n\n

How Was It Discovered?<\/strong><\/h4>\n\n\n\n

Astra\u2019s security researchers identified this vulnerability while analyzing user input handling on the “Image Upload” page. The “Tags” field allowed unrestricted input, which was later reflected on the “Main Folder” page without proper encoding or sanitization. This flaw enabled JavaScript execution in the victim\u2019s browser, leading to a successful XSS attack.<\/p>\n\n\n\n

How To Recreate This Vulnerability?<\/strong><\/h4>\n\n\n\n
    \n
  1. Login to the Demo Web Application.<\/li>\n\n\n\n
  2. Navigate to the “Upload” option in the left-hand navigation panel and select “Add.”<\/li>\n\n\n\n
  3. Click on the “Folder” button to open the file selection dialog.<\/li>\n\n\n\n
  4. Choose a random image file and click “Open.”<\/li>\n\n\n\n
  5. Enter an XSS payload into the “Tags” field and click “UPLOAD.”<\/li>\n\n\n\n
  6. Navigate to the “Main Folder” page listed under the “Images” drop-down and observe that the injected payload is executed, triggering an alert.<\/li>\n<\/ol>\n\n\n\n

    Impact of the Stored XSS Vulnerability<\/strong><\/h3>\n\n\n\n

    The severity of this vulnerability is critical<\/strong>, as it can be exploited to:<\/p>\n\n\n\n