CVE-2013-6882

Name of the Vulnerable Software and Affected Versions CRU Ditto Forensic FieldStation versions 2013Oct15a and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter in a login. Additionally, remote authenticated users can inject arbitrary web script or HTML via unspecified form fields.

Recommendations For CRU Ditto Forensic FieldStation versions 2013Oct15a and earlier, update the firmware to a version later than 2013Oct15a to resolve the issue. As a temporary workaround, consider restricting access to the login functionality and unspecified form fields to minimize the risk of exploitation. Avoid using the username parameter in the affected login endpoint until the issue is resolved.