CVE-2024-57386

6.1 MEDIUM

📋 TL;DR

A cross-site scripting (XSS) vulnerability in Wallos v2.41.0 allows remote attackers to inject malicious scripts via the profile picture upload function. This affects all users of Wallos v2.41.0 who have profile picture functionality enabled. Attackers can execute arbitrary JavaScript in victims' browsers when they view the malicious profile picture.

💻 Affected Systems

Products:
  • Wallos
Versions: v2.41.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires profile picture functionality to be enabled and accessible.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware via drive-by downloads.

🟠

Likely Case

Session hijacking, credential theft, or defacement of user profiles through injected content.

🟢

If Mitigated

Limited impact with proper content security policies and input validation, potentially only cosmetic changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (viewing the malicious profile) but is straightforward with public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.42.0 or later

Vendor Advisory: https://github.com/onelogin/python-saml/releases

Restart Required: Yes

Instructions:

1. Back up the current installation.
2. Download the latest Wallos version from the official repository.
3. Replace the existing files with the patched version.
4. Restart the Wallos service.

🔧 Temporary Workarounds

Disable Profile Picture Upload

Operating Systems: all

Temporarily disable profile picture functionality to prevent exploitation.

Modify the Wallos configuration to disable profile picture uploads.

Implement Content Security Policy

Operating Systems: all

Add CSP headers to restrict script execution from untrusted sources.

Add the header `Content-Security-Policy: default-src 'self'` to the web server's response headers.
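The following is an added example (not Wallos code and not from this advisory) that parses a Content-Security-Policy header value and reports whether the sources that govern script execution are permissive. It assumes the policy strings shown, which are constructed for illustration; `script-src` is checked first because browsers fall back to `default-src` only when `script-src` is absent.

```python
# Added example: check whether a CSP header value restricts script execution.
# Not part of Wallos or this advisory; the policy strings are constructed.

# Constructed header values (hypothetical): a permissive one beside the
# recommended one from the workaround above.
WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline' https:"
RECOMMENDED_POLICY = "default-src 'self'"

# Source expressions that let scripts run from places an attacker can reach.
SCRIPT_WEAKENERS = (
    "'unsafe-inline'",  # inline <script> and event handlers execute
    "'unsafe-eval'",    # string-to-code (eval) allowed
    "*",                # any host
    "data:",            # data: URLs as script sources
    "blob:",            # blob: URLs as script sources
    "http:",            # any plain-HTTP host
    "https:",           # any HTTPS host
)


def parse_csp(header_value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for directive in header_value.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def effective_script_sources(policy):
    """script-src governs scripts; default-src applies only when it is absent."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")  # None when neither directive is present


def script_policy_findings(header_value):
    """Return a list of human-readable findings; an empty list means the
    effective script sources contain none of the known weakeners."""
    sources = effective_script_sources(parse_csp(header_value))
    if sources is None:
        return ["no script-src or default-src: scripts may load from anywhere"]
    return [f"{w} in effective script sources" for w in SCRIPT_WEAKENERS if w in sources]


if __name__ == "__main__":
    for name, value in (("weak", WEAK_POLICY), ("recommended", RECOMMENDED_POLICY)):
        print(name, value, "->", script_policy_findings(value) or "no findings")
```

The check covers the keyword and scheme sources a practitioner looks for first; it does not evaluate nonce- or hash-based allow lists, so a policy that relies on those should be reviewed by hand.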

🧯 If You Can't Patch

  • Implement strict input validation and output encoding for all user-controlled data
  • Deploy web application firewall (WAF) with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running Wallos v2.41.0 and test profile picture upload with XSS payloads.

Check Version:

Check Wallos configuration file or admin panel for version information

Verify Fix Applied:

Verify version is v2.42.0 or later and test that XSS payloads in profile pictures are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual profile picture uploads with script-like content
  • Multiple failed upload attempts with special characters

Network Indicators:

  • HTTP requests containing script tags in profile picture parameters
  • Unusual outbound connections after profile views

SIEM Query:

source="wallos_logs" AND (message="*profile*" AND message="*<script>*")
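As an added example (not Wallos code and not from this advisory), the script below applies the two log indicators listed above to constructed sample lines: it flags profile picture uploads whose file name or captured content looks script-like, and it raises a second alert when one user accumulates repeated failed uploads containing special characters. The key=value log format, the `action=profile_upload` field and the threshold of three failures are assumptions made for the example; real Wallos logs will differ.

```python
# Added example: apply the advisory's log indicators to constructed sample lines.
# The log format, field names and threshold are assumptions, not Wallos output.
import re
from collections import Counter

# Constructed sample log lines (hypothetical format, not real Wallos logs).
SAMPLE_LOGS = [
    '2024-12-01T10:00:01Z user=alice ip=10.0.0.5 action=profile_upload status=ok file="avatar.png"',
    '2024-12-01T10:00:07Z user=mallory ip=10.0.0.9 action=profile_upload status=ok file="pic.svg" content="<svg><script>"',
    '2024-12-01T10:00:09Z user=mallory ip=10.0.0.9 action=profile_upload status=failed file="a<b>.svg"',
    '2024-12-01T10:00:11Z user=mallory ip=10.0.0.9 action=profile_upload status=failed file="x\'y.svg"',
    '2024-12-01T10:00:13Z user=mallory ip=10.0.0.9 action=profile_upload status=failed file="%3Cimg.svg"',
    '2024-12-01T10:00:20Z user=bob ip=10.0.0.7 action=login status=ok',
]

# key=value pairs; values may be quoted and contain escaped quotes.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# "Script-like content": script tags, javascript: URLs, inline event handlers.
SCRIPT_LIKE_RE = re.compile(r'<\s*script|javascript:|on\w+\s*=', re.IGNORECASE)
# Characters that should not appear in an ordinary image file name.
SPECIAL_CHARS_RE = re.compile(r'[<>\'"%]')
FAILED_THRESHOLD = 3  # assumed: alert on the third failed upload per user


def parse_line(line):
    """Return the key=value fields of one line plus its leading timestamp."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def detect(lines):
    """Return (indicator, user, timestamp) tuples in the order they fire."""
    alerts = []
    failed_by_user = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("action") != "profile_upload":
            continue
        user = f.get("user")
        # Indicator 1: upload whose file name or captured content is script-like.
        blob = " ".join(f.get(k, "") for k in ("file", "content"))
        if SCRIPT_LIKE_RE.search(blob):
            alerts.append(("script_like_upload", user, f["timestamp"]))
        # Indicator 2: repeated failed uploads with special characters from one user.
        if f.get("status") == "failed" and SPECIAL_CHARS_RE.search(f.get("file", "")):
            failed_by_user[user] += 1
            if failed_by_user[user] == FAILED_THRESHOLD:
                alerts.append(("repeated_failed_special_chars", user, f["timestamp"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(*alert)
```

The SIEM query above matches only a literal `<script>` string; the regular expression here also catches `javascript:` URLs and inline event handlers, which is why the second alert fires on upload attempts that never contain a script tag at all.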
