Unknown · Thingsboard · CVE-2022-40004
**Name of the Vulnerable Software and Affected Versions**
Things Board version 3.4.1
**Description**
The issue is related to a Cross Site Scripting (XSS) vulnerability that allows remote attackers to escalate privileges. This is achieved by crafting a URL to the Audit Log.
**Recommendations**
For version 3.4.1, consider restricting access to the Audit Log until a patch is available. As a temporary workaround, avoid using crafted URLs that could exploit the XSS vulnerability in the Audit Log. At the moment, there is no information about a newer version that contains a fix for this vulnerability.