CVE-2020-36489

Name of the Vulnerable Software and Affected Versions: Dropouts Technologies LLP Air Share version 1.2

Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename parameter. This is a cross-site scripting (XSS) vulnerability, which means an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. The vulnerability is exploited by sending a crafted payload in the devicename information.

Recommendations: For Dropouts Technologies LLP Air Share version 1.2, as a temporary workaround, consider restricting the use of the devicename parameter to minimize the risk of exploitation. Avoid using the devicename parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.