CVE-2021-29033

Name of the Vulnerable Software and Affected Versions: Bitweaver version 3.1.0

Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the "/users/admin/edit group.php" API endpoint. This enables attackers to execute malicious scripts on the client-side.

Recommendations: For Bitweaver version 3.1.0, as a temporary workaround, consider restricting access to the "/users/admin/edit group.php" API endpoint until a patch is available. Avoid using this endpoint with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.