CVE-2024-56882
Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...