CVE-2024-51026

The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt