Key Information Summary

Vulnerability Overview:
- Vulnerability: Cross Site Scripting (XSS)
- Product: Project Worlds Online Lawyer Management System 1.0
- Component: User Registration
- CVE: CVE-2024-0266
- Classification: Problematic

Summary:
- A vulnerability was discovered in an unknown functionality of the User Registration component, where manipulation of the 'First Name' argument results in Cross Site Scripting (XSS). An exploit is available.

Technical Details:
- This issue is classified under CWE-79 (XSS). The product fails to neutralize user-controllable input, which is then used in a web page served to other users. Successful exploitation requires user interaction.

Available Resources:
- Vulnerability disclosure date: 01/06/2024
- Advisory: Available at: drive.google.com (advisory link)
- Exploit: Available at: drive.google.com (proof-of-concept linked)
- Reference to MITRE ATT&CK: T1059.007

Other:
- No concise countermeasures were shared. Replacing the affected product may be recommended.