CVE-2021-27989

Name of the Vulnerable Software and Affected Versions: Appspace version 6.2.4

Description: The issue concerns stored cross-site scripting (XSS) in multiple parameters within the "/medianet/sgcontentset.aspx" API endpoint. This means that an attacker can inject malicious scripts into the application, which are then stored and executed when other users access the affected page.

Recommendations: For Appspace version 6.2.4, as a temporary workaround, consider restricting access to the "/medianet/sgcontentset.aspx" API endpoint until a patch is available. Additionally, avoid using vulnerable parameters within this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.