CVE-2017-1000065

Name of the Vulnerable Software and Affected Versions OpenMediaVault version 2.1

Description The issue concerns multiple Cross-site scripting (XSS) vulnerabilities in the rpc.php file, specifically within the Access Rights Management (Users) functionality. This allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.

Recommendations For OpenMediaVault version 2.1, update the Access Rights Management (Users) functionality to prevent XSS vulnerabilities, ensuring that user input is properly sanitized to prevent the injection of malicious scripts. As a temporary workaround, consider restricting access to the rpc.php file until a patch is available.