CVE-2020-36502

Name of the Vulnerable Software and Affected Versions: Swift File Transfer Mobile version 1.1.2

Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the devicename parameter, enabling cross-site scripting (XSS) attacks. This vulnerability enables attackers to inject malicious scripts, potentially leading to unauthorized access or control of affected systems.

Recommendations: For Swift File Transfer Mobile version 1.1.2, consider restricting the input for the devicename parameter to prevent the execution of arbitrary scripts until a patch is available. As a temporary workaround, avoid using the devicename parameter with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.