CVE-2024-45879 is a persistent Cross-Site Scripting (XSS) vulnerability identified in the file upload functionality of the QWKalkulation tool, part of the baltic-it TOPqw Webportal version 1.35.287.1. The vulnerability resides in the /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx endpoint, where insufficient input sanitization allows an authenticated attacker to inject malicious JavaScript code that persists in the application interface, specifically within the QWKalkulation menu. This persistent XSS flaw enables attackers to execute arbitrary scripts in the context of other authenticated users, potentially leading to session hijacking, credential theft, or unauthorized actions within the application. Exploitation requires the attacker to have valid credentials and interact with the application, which limits the attack surface but still poses a significant risk in environments with multiple users or less stringent access controls. The vulnerability was addressed in version 1.35.291 of the software. The CVSS v3.1 base score of 6.1 reflects a medium severity, with attack vector being network-based, low attack complexity, requiring privileges, and user interaction, and impacting confidentiality and integrity but not availability. No public exploits have been reported yet, but the presence of this vulnerability in a business-critical web portal underscores the importance of timely patching and input validation improvements.

The primary impact of CVE-2024-45879 is on the confidentiality and integrity of user data within the TOPqw Webportal environment. An attacker exploiting this vulnerability can execute persistent malicious scripts that may steal session tokens, manipulate displayed content, or perform unauthorized actions on behalf of other authenticated users. This can lead to unauthorized access to sensitive information, data leakage, and potential compromise of user accounts. Although availability is not directly affected, the trustworthiness of the application is undermined, which can result in reputational damage and operational disruptions. Organizations relying on the affected version of the TOPqw Webportal, especially those in sectors handling sensitive or regulated data, face increased risk of targeted attacks leveraging this vulnerability. The requirement for attacker authentication and user interaction reduces the likelihood of widespread automated exploitation but does not eliminate the threat in environments with multiple users or insider threats.

To mitigate CVE-2024-45879, organizations should immediately upgrade the TOPqw Webportal to version 1.35.291 or later, where the vulnerability has been fixed. In addition to patching, implement strict input validation and output encoding on all user-supplied data, especially in file upload components and dynamic web content areas, to prevent injection of malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the web application context. Conduct regular security assessments and code reviews focusing on XSS vulnerabilities, particularly in modules handling file uploads and user-generated content. Limit user privileges to the minimum necessary to reduce the risk posed by authenticated attackers. Monitor application logs for suspicious activities indicative of XSS exploitation attempts. Educate users about the risks of interacting with untrusted content within the application. Finally, consider deploying Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting the TOPqw Webportal.