CVE-2024-45878 identifies a persistent Cross-Site Scripting (XSS) vulnerability in the baltic-it TOPqw Webportal, version 1.35.283.2, specifically within the "Stammdaten" menu located at /Apps/TOPqw/qwStammdaten.aspx. Persistent XSS occurs when malicious scripts injected by an attacker are stored on the target server and subsequently served to other users, enabling the execution of arbitrary JavaScript in their browsers. This vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The attack vector requires network access (AV:N), low attack complexity (AC:L), and privileges at the user level (PR:L), with user interaction necessary (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity but not availability, as indicated by the CVSS vector. Although no known exploits are currently in the wild, the vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed on behalf of users. The issue was addressed in version 1.35.291 of the software. Given the nature of persistent XSS, attackers could leverage this flaw to implant malicious payloads that affect multiple users over time, making it a significant concern for organizations relying on this web portal for critical operations.

The persistent XSS vulnerability in baltic-it TOPqw Webportal can lead to unauthorized disclosure of sensitive information, such as session tokens, user credentials, or personal data, compromising confidentiality. It can also allow attackers to manipulate or alter data within the application context, affecting data integrity. Although it does not directly impact availability, the exploitation could facilitate further attacks like phishing or privilege escalation. Since exploitation requires authenticated access and user interaction, the risk is somewhat mitigated but remains significant in environments with many users or where users have elevated privileges. Organizations using the affected version risk data breaches, loss of user trust, and potential regulatory penalties if sensitive data is exposed. The persistence of the injected scripts increases the attack surface and duration of impact, potentially affecting multiple users over time.

1. Upgrade baltic-it TOPqw Webportal to version 1.35.291 or later, where the vulnerability is fixed. 2. Implement strict input validation on all user-supplied data, especially in the "Stammdaten" menu, to reject or sanitize potentially malicious content. 3. Apply proper output encoding/escaping for data rendered in web pages to prevent script execution. 4. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts. 5. Conduct regular security audits and penetration testing focusing on XSS vulnerabilities. 6. Educate users about the risks of clicking suspicious links or executing unexpected scripts, especially in authenticated sessions. 7. Monitor web application logs for unusual input patterns or repeated injection attempts. 8. Consider implementing web application firewalls (WAF) with rules targeting XSS attack signatures specific to the application context.