CVE-2024-51799 identifies a DOM-based Cross-site Scripting (XSS) vulnerability in the Bg Patriarchia BU software developed by Vadim Bogaiskov. The vulnerability is caused by improper neutralization of user-supplied input during web page generation, which allows malicious scripts to be injected and executed in the victim's browser environment. Unlike reflected or stored XSS, DOM-based XSS occurs entirely on the client side, manipulating the Document Object Model without involving server-side script injection. This flaw affects all versions of Bg Patriarchia BU up to 2.2.3, with no patch currently available as per the provided data. Exploiting this vulnerability requires no authentication or user interaction beyond visiting a crafted URL or interacting with malicious content. The attacker can leverage this to steal cookies, session tokens, or other sensitive data, perform actions on behalf of the user, or redirect users to malicious sites. Although no active exploits have been reported, the vulnerability's nature and ease of exploitation make it a significant risk. The absence of a CVSS score necessitates an expert severity assessment, which rates this as high severity due to its impact on confidentiality and integrity, ease of exploitation, and potential widespread effect on users of the affected product.

The impact of CVE-2024-51799 is primarily on the confidentiality and integrity of user data within affected organizations. Successful exploitation can lead to theft of session cookies, credentials, or other sensitive information, enabling attackers to impersonate users or escalate privileges. It can also facilitate unauthorized actions performed in the context of the victim’s session, potentially leading to data manipulation or disruption of services. For organizations relying on Bg Patriarchia BU, this could result in data breaches, loss of user trust, and regulatory penalties depending on the nature of compromised data. The vulnerability’s client-side nature means that all users interacting with the vulnerable web interface are at risk, expanding the scope of potential damage. Although availability impact is limited, the reputational and operational consequences can be severe, especially if exploited in targeted attacks against high-value users or administrators.

To mitigate CVE-2024-51799, organizations should implement strict input validation and sanitization on all user-supplied data before it is processed or reflected in the DOM. Employing frameworks or libraries that automatically handle encoding and escaping can reduce the risk of DOM-based XSS. Applying Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts is strongly recommended. Organizations should monitor for updates or patches from the vendor and apply them promptly once available. In the interim, disabling or restricting features that process untrusted input in the vulnerable versions can reduce exposure. Security teams should also educate users about the risks of clicking on suspicious links and implement web application firewalls (WAFs) with rules targeting XSS attack patterns. Regular security testing, including client-side code reviews and penetration testing focused on DOM manipulation, will help identify and remediate similar issues proactively.