CVE-2021-30049

Name of the Vulnerable Software and Affected Versions SysAid version 20.3.64 b14

Description The issue is related to Cross Site Scripting (XSS) and can be exploited via the "/KeepAlive.jsp?stamp=" URI. This is a type of attack where an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session.

Recommendations For SysAid version 20.3.64 b14, as a temporary workaround, consider restricting access to the "/KeepAlive.jsp" endpoint until a patch is available. Avoid using the stamp parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.