CVE-2026-24415: OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter

March 3, 2026 (updated March 4, 2026)

Multiple Reflected Cross-Site Scripting (XSS) vulnerabilities in OpenSTAManager v2.9.8 allow unauthenticated attackers to execute arbitrary JavaScript code in the context of other users’ browsers through crafted URL parameters, potentially leading to session hijacking, credential theft, and unauthorized actions.

Vulnerable Parameter: righe (GET)

References

github.com/advisories/GHSA-jfgp-g7x7-j25j
github.com/devcode-it/openstamanager
github.com/devcode-it/openstamanager/security/advisories/GHSA-jfgp-g7x7-j25j
nvd.nist.gov/vuln/detail/CVE-2026-24415

Code Behaviors & Features

Detect and mitigate CVE-2026-24415 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →