VYPR
Medium severity 4.3 · NVD Advisory · Published Aug 13, 2024 · Updated Apr 15, 2026

CVE-2024-7709

Description

A vulnerability classified as problematic has been found in OcoMon 4.0RC1/4.0/5.0RC1. It affects unknown processing in the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 or 5.0 addresses this issue. It is recommended to upgrade the affected component.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A cross-site scripting vulnerability in OcoMon's URL Handler allows remote attackers to inject arbitrary scripts via the require_access_recovery.php file, affecting versions 4.0RC1, 4.0, and 5.0RC1.

Description

CVE-2024-7709 is a cross-site scripting (XSS) vulnerability found in OcoMon versions 4.0RC1, 4.0, and 5.0RC1. The issue occurs in the file /includes/common/require_access_recovery.php within the URL Handler component, where improper handling of user input leads to potential script injection [2].

Exploitation

The attack can be initiated remotely. No authentication is mentioned as a prerequisite. The vulnerability has been publicly disclosed, which increases the risk of exploitation.

Impact

Successful exploitation could allow an attacker to execute arbitrary JavaScript in the context of the victim's browser. This could lead to session hijacking, credential theft, or defacement of the OcoMon interface, compromising the confidentiality and integrity of the application.

Mitigation

OcoMon has released security updates addressing this issue. Users are advised to upgrade to version 4.0.1 or 5.0, or apply the provided patch for version 4.0 [2]. The latest version, 6.3, is also available and should include the fix [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Ocomon/Ocomon (inferred, 2 version ranges)
    • (no CPE) range: >=4.0RC1,<4.0.1 || >=5.0RC1,<5.0
    • (no CPE) range: 4.0RC1, 4.0, 5.0RC1

Patches

No patches discovered yet.

References

5
