CVE Radar
CVE-2024-38782
Severity: High | Vendor: Mapsmarker
SVRS: 46
CVSSv3: 5.4
EPSS: 0.00246
Tags: In The Wild
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Publication date: 2024-07-21
Last modified: 2026-04-28
Security Intelligence Brief
1. What is this vulnerability and why does it matter?
This vulnerability (CVE-2024-38782) is an Improper Neutralization of Input During Web Page Generation, specifically a Stored Cross-site Scripting (XSS) flaw in the MapsMarker.Com e.U. Leaflet Maps Marker plugin. It matters because Stored XSS allows an attacker to inject malicious script code directly into an application's database or other persistent storage. When legitimate users access the affected web page, their browsers retrieve and execute this malicious script, potentially leading to various attacks such as session hijacking, defacement of the website, redirecting users to malicious sites, or stealing sensitive user data like cookies or credentials.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 5.4. Based on this score, the severity level is classified as Medium. The vulnerability was publicly published on 2024-07-21 21:13:35 and was last modified on 2026-04-28 16:10:06.
3. Which products, vendors, systems, and versions are affected?
- Vendor: MapsMarker.Com e.U.
- Product: Leaflet Maps Marker plugin
- Affected Versions: all versions through 3.12.9 (the lower bound is listed as n/a), i.e. version 3.12.9 and every earlier version are vulnerable.
4. What is the technical root cause and attack vector?
The technical root cause is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), here in its stored form: user-supplied input is accepted by the plugin without adequate sanitization, persisted, and later written into generated web pages without output encoding. The attack vector is therefore an attacker submitting script content through the plugin's input fields, which is then rendered to every user who views the affected page.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by an attacker submitting specially crafted input containing malicious script code to the Leaflet Maps Marker plugin. Because the application fails to properly sanitize or neutralize this input before storing it, the malicious script becomes part of the persistent data. When a victim's browser requests a web page that retrieves and displays this stored, unsanitized data, the script executes within the victim's browser context, with the full privileges of the site's origin, so the protections the Same-Origin Policy normally provides do not apply. The attacker can then act on behalf of the victim, for example stealing session cookies, defacing the website, or redirecting to phishing sites. The vector string (PR:L, UI:R) indicates that the attacker needs low-privilege access to the site to submit the input and that a victim must view the affected page for the script to run.
6. What mitigation steps and patches are available?
The provided CVE data does not specify direct mitigation steps or available patches for this particular vulnerability. However, general best practices for mitigating Stored XSS vulnerabilities include:
- Implementing robust input validation on all user-supplied data to filter out or escape potentially malicious characters before storage.
- Applying strong output encoding to all data retrieved from storage before it is rendered in a web page, ensuring that characters like '<', '>', '&', and '"' are converted to their HTML entities.
- Upgrading the Leaflet Maps Marker plugin to the latest secure version once a patch is released by MapsMarker.Com e.U.
- Adopting a Content Security Policy (CSP) to restrict the sources from which scripts can be loaded and executed.
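As an added illustration (not the plugin's own code), the CWE-79 pattern beside its hardened form: a stored marker record rendered into HTML without and with output encoding, plus a check that lists any tag in the output the template did not emit. The Marker fields and the HTML template are assumptions, not the plugin's real schema.

```python
import html
import re
from dataclasses import dataclass


@dataclass
class Marker:
    """Constructed stand-in for a persisted map marker; field names are assumed."""
    name: str
    popup_text: str
    lat: float
    lon: float


# Tags the template itself emits; anything else in the output came from stored data.
TEMPLATE_TAGS = {"div", "h3", "p"}
_TAG_NAME = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def render_marker_vulnerable(m: Marker) -> str:
    """CWE-79 pattern: stored strings are interpolated straight into the page."""
    return (
        f'<div class="marker" title="{m.name}" data-lat="{m.lat}" data-lon="{m.lon}">'
        f"<h3>{m.name}</h3><p>{m.popup_text}</p></div>"
    )


def render_marker_safe(m: Marker) -> str:
    """Hardened form: every stored string is entity-encoded at output time.

    quote=True also encodes ' and " so a value cannot break out of the title
    attribute; coordinates are forced to float so they cannot carry text.
    """
    name = html.escape(m.name, quote=True)
    popup = html.escape(m.popup_text, quote=True)
    return (
        f'<div class="marker" title="{name}" data-lat="{float(m.lat)}" data-lon="{float(m.lon)}">'
        f"<h3>{name}</h3><p>{popup}</p></div>"
    )


def foreign_tags(fragment: str) -> list[str]:
    """Tags present in a rendered fragment that the template did not put there."""
    found = {t.lower() for t in _TAG_NAME.findall(fragment)}
    return sorted(found - TEMPLATE_TAGS)


# Constructed input: the textbook probe string, stored as a marker's popup text.
INJECTED = Marker("Main office", "<script>alert('xss')</script>", 48.2082, 16.3738)
```

The same encoding must be applied in every output context (HTML body, attribute, JavaScript, URL), which is why `foreign_tags` only covers the HTML-body case shown here.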
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by checking the version of the Leaflet Maps Marker plugin installed. Any installation running version 3.12.9 or earlier is considered vulnerable to CVE-2024-38782. System administrators should inspect their plugin installations to confirm the exact version number.
8. What are the indicators of compromise (IOCs)?
The provided CVE data does not specify particular Indicators of Compromise (IOCs) for this vulnerability. However, general IOCs related to Stored XSS exploitation might include:
- Unexpected script execution alerts in browser developer consoles.
- Unauthorized redirects or unusual pop-up windows when accessing pages using the Leaflet Maps Marker plugin.
- Changes to the content or appearance of web pages generated by the plugin without legitimate administrative action.
- Suspicious entries in web server logs or application logs that indicate attempts to inject script tags or unusual characters into input fields related to the plugin.
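As an added example, not something taken from the advisory: a small scanner that walks web server access log lines and flags requests to plugin-related routes whose query parameters carry script-like content, i.e. the log-based indicator in the last bullet. The log lines are constructed, the `mapsmarker` route token and the WordPress `/wp-admin/` path are assumptions (the page does not name the platform), and only query strings are visible here because access logs do not record POST bodies.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlparse

# Constructed combined-format access log lines (documentation-range IPs, made-up
# timestamps). The "mapsmarker" page token and the /wp-admin/ path are assumptions.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Jul/2024:10:01:12 +0000] "GET /wp-admin/admin.php?page=mapsmarker_marker&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [21/Jul/2024:10:01:40 +0000] "POST /wp-admin/admin.php?page=mapsmarker_marker&name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Jul/2024:10:02:03 +0000] "GET /?p=12 HTTP/1.1" 200 8871 "-" "Mozilla/5.0"
203.0.113.10 - - [21/Jul/2024:10:03:15 +0000] "POST /wp-admin/admin.php?page=mapsmarker_marker&popuptext=%3Cimg%20src%3Dx%20onerror%3Dalert%281%29%3E HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PLUGIN_ROUTE = re.compile(r"mapsmarker", re.IGNORECASE)  # assumed route token
# Markup that has no business in a marker name or popup text field.
SCRIPT_LIKE = re.compile(
    r"<\s*script|<\s*(?:img|svg|iframe|object|embed)\b|\bon[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE,
)


def suspicious_requests(log_text: str) -> list[dict]:
    """Return one record per query parameter that carries script-like content."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or not PLUGIN_ROUTE.search(m.group("target")):
            continue
        # Decode twice so a double-encoded payload (%253C -> %3C -> <) is still seen.
        decoded = unquote_plus(unquote_plus(m.group("target")))
        for field, values in parse_qs(urlparse(decoded).query).items():
            for value in values:
                if SCRIPT_LIKE.search(value):
                    hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "method": m.group("method"), "field": field,
                                 "value": value})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} field={hit['field']!r} value={hit['value']!r}")
```

Run against real logs, the same records should be correlated with the plugin's stored marker data, since a stored payload submitted in a POST body leaves no trace in the query string.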
9. Which threat actors are known to exploit this vulnerability?
The provided CVE data does not identify any specific threat actors known to exploit CVE-2024-38782.
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is CVE-2024-38782. The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). Further advisories would typically be published by the vendor (MapsMarker.Com e.U.) or security organizations upon the release of patches or more detailed analysis.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-38782 is Medium, as indicated by its CVSS score of 5.4. The urgency level should be considered Medium to High. While the CVSS score is not critical, Stored XSS vulnerabilities can have significant impact, especially if the affected application handles sensitive data or has administrative functions. The persistent nature of Stored XSS means that a single successful injection can affect multiple users over an extended period without requiring further attacker interaction for each victim. Organizations using the affected Leaflet Maps Marker plugin should prioritize upgrading or implementing compensating controls as soon as possible to prevent potential data theft, session hijacking, or website defacement.