David Alonso Pérez

**Name of the Vulnerable Software and Affected Versions** Alt-N WebAdmin version 3.0.4 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `user` parameter in the useredit account.wdm file. **Recommendations** For Alt-N WebAdmin version 3.0.4, consider restricting access to the useredit account.wdm file until a patch is available. As a temporary workaround, avoid using the `user` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Alt-N WebAdmin version 3.0.4 **Description** The issue concerns improper validation of account edits by logged-in users. This allows remote authenticated users to edit other users' account information by modifying the `user` parameter. **Recommendations** For Alt-N WebAdmin version 3.0.4, consider restricting access to the user edit functionality until a proper fix is available, and avoid using the modified `user` parameter in the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** Alt-N WebAdmin version 3.0.4 **Description** A direct remote injection issue in the modalfram.wdm component allows remote attackers to load external web pages that appear to originate from the WebAdmin server. This enables the injection of arbitrary HTML or web script, facilitating cross-site scripting (XSS) and phishing attacks. **Recommendations** For Alt-N WebAdmin version 3.0.4, consider disabling the modalfram.wdm component as a temporary workaround until a patch is available. Restrict access to the WebAdmin server to minimize the risk of exploitation. Avoid using the WebAdmin server for sensitive operations until the issue is resolved.