PT-2025-9568 · Unknown · Easyvirt Dc Netscope
Aurélien Bourdois · Published 2025-03-03 · Updated 2025-03-07
CVE-2024-55064
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
EasyVirt DC NetScope versions 8.6.4 and earlier
Description
Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary JavaScript or HTML code via vulnerable parameters. The affected parameters include smtp server, smtp account, smtp password, and email recipients in the /smtp/update endpoint, ntp or dns in the /proxy/ntp/change endpoint, and newVcenterAddress in the /process new vcenter endpoint.
Recommendations
For EasyVirt DC NetScope versions 8.6.4 and earlier, update to a version later than 8.6.4 to resolve the issue.
As a temporary workaround, consider restricting access to the /smtp/update, /proxy/ntp/change, and /process new vcenter endpoints until a patch is available.
Avoid using the vulnerable parameters smtp server, smtp account, smtp password, email recipients, ntp, dns, and newVcenterAddress in the affected endpoints until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Easyvirt Dc Netscope