CVE-2024-45920 is a Stored Cross-Site Scripting (XSS) vulnerability identified in Solvait version 24.4.2, specifically within the 'Intrest' feature. This vulnerability arises from inadequate input validation and sanitization, allowing attackers to inject malicious JavaScript code that is stored and later executed in the context of other users accessing the affected application. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) shows that the attack can be performed remotely over the network with low attack complexity, requires privileges (PR:L) and user interaction (UI:R), and results in a changed scope (S:C) with limited confidentiality and integrity impacts but no availability impact. The vulnerability can be exploited by authenticated users who interact with the vulnerable feature, injecting scripts that execute when other users view the affected content. This can lead to session hijacking, unauthorized actions, or data exposure within the application context. No patches or known exploits are currently available, but the risk remains significant due to the potential for lateral movement and data compromise within affected organizations.

The primary impact of CVE-2024-45920 is on the confidentiality and integrity of data within Solvait 24.4.2 deployments. Successful exploitation allows attackers to execute arbitrary scripts in the context of other users, potentially leading to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of legitimate users. Although availability is not directly affected, the breach of trust and data integrity can have severe operational and reputational consequences. Organizations relying on Solvait for critical business functions may face increased risk of data leaks, compliance violations, and targeted attacks leveraging this vulnerability as an initial foothold. The requirement for user interaction and privileges somewhat limits the attack surface but does not eliminate the threat, especially in environments with many users or where privilege escalation is possible. The absence of known exploits in the wild currently reduces immediate risk but does not preclude future exploitation attempts.

To mitigate CVE-2024-45920, organizations should implement the following specific measures: 1) Apply any available patches or updates from Solvait as soon as they are released, prioritizing the 'Intrest' feature fixes. 2) Conduct a thorough review and hardening of input validation and output encoding mechanisms within the application, particularly focusing on user-supplied data in the vulnerable feature. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. 4) Limit user privileges to the minimum necessary to reduce the likelihood of exploitation by low-privileged users. 5) Educate users about the risks of interacting with untrusted content and implement monitoring to detect anomalous script execution or suspicious user behavior. 6) Use web application firewalls (WAFs) with custom rules targeting known XSS patterns in Solvait traffic to provide an additional layer of defense. 7) Regularly audit and test the application for XSS and other injection vulnerabilities using automated and manual security testing tools.