PT-2023-25707 · 2Fa · 2Fa
Quirinziessler · Published 2023-07-03 · Updated 2023-07-10
CVE-2023-36816
CVSS v3.1: 6.1 (Medium)
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
2FA versions prior to 4.0.3
Description
The issue is a Cross-Site Scripting (XSS) vulnerability in the 2FA web application, which manages two-factor authentication accounts and generates their one-time security codes. The injection point is the account/service field: input containing HTML or script is not adequately neutralised before the application renders it, so it executes in the browser of a user who views the affected page. The vulnerability was tested in a docker-compose deployment.
Recommendations
For versions prior to 4.0.3, update to version 4.0.3 or later, which resolves the issue. As a temporary workaround, restrict who can create or edit account entries (and therefore the account/service field) to trusted users, to minimise the risk of exploitation.
Exploit
Fix
XSS
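The rendering mistake behind this class of bug, and the output escaping that neutralises it, as an added example. This is not the 2FA project's code or the advisory's exploit: the row template, the field names `service` and `account`, and the two payloads are constructed for illustration only.

```javascript
// Added example, not the 2FA project's own code. Demonstrates how a
// user-controlled account/service value becomes XSS when it is placed
// into markup verbatim, and how escaping at output time prevents it.

// Constructed payloads an attacker could save in the account/service field.
// One targets element content, the other breaks out of an attribute value.
const TAG_PAYLOAD = '<img src=x onerror="alert(document.cookie)">';
const ATTR_PAYLOAD = '" autofocus onfocus="alert(1)';

// Constructed sample account entries (field names are assumptions).
const SAMPLE_TAG_ACCOUNT = { service: TAG_PAYLOAD, account: 'alice@example.com' };
const SAMPLE_ATTR_ACCOUNT = { service: ATTR_PAYLOAD, account: 'bob@example.com' };

// Minimal HTML entity escaping for text placed in element content or in a
// double-quoted attribute value. Escaping '&' first avoids double-encoding.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: user-controlled strings are concatenated straight into
// markup (the string equivalent of innerHTML / v-html). Whatever was saved in
// the field is emitted as-is, in both an attribute and an element context.
function renderAccountRowUnsafe(acct) {
  return `<li class="account" title="${acct.service}">` +
         `<span class="service">${acct.service}</span> ` +
         `<span class="account">${acct.account}</span></li>`;
}

// Hardened pattern: every user-controlled value is escaped for the context it
// lands in, so the browser shows the payload as literal text.
function renderAccountRowSafe(acct) {
  return `<li class="account" title="${escapeHtml(acct.service)}">` +
         `<span class="service">${escapeHtml(acct.service)}</span> ` +
         `<span class="account">${escapeHtml(acct.account)}</span></li>`;
}

// Helper used to compare the two renderings: true if the payload survived
// verbatim into the markup, i.e. it would be parsed as HTML rather than text.
function payloadSurvives(html, payload) {
  return html.includes(payload);
}

// Demo when run directly with node (skipped when loaded as a module).
if (typeof require !== 'undefined' && require.main === module) {
  for (const acct of [SAMPLE_TAG_ACCOUNT, SAMPLE_ATTR_ACCOUNT]) {
    console.log('unsafe:', renderAccountRowUnsafe(acct));
    console.log('safe  :', renderAccountRowSafe(acct));
  }
}
```

In a real front end the same distinction is between assigning `innerHTML` (or a template directive that renders raw HTML) and assigning `textContent` or letting the framework's default interpolation escape the value; the attribute payload is included because escaping `<` and `>` alone is not enough once user input lands inside a quoted attribute.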
Weakness Enumeration
Related Identifiers
Affected Products
2Fa