PT-2021-18622 · Cloverdx · Cloverdx Server+1

Patryk Bogusz

Published: 2021-06-09 · Updated: 2021-06-10

CVE-2021-30133

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CloverDX Server versions 5.7.0 through 5.9.0
CloverDX versions 5.7.0 through 5.8.1

Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in the "Simple HTTP API". The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.

Recommendations
For versions 5.7.0 through 5.8.1, update to version 5.9.1 or 5.10. For version 5.9.0, update to version 5.9.1 or 5.10. As a temporary workaround, consider restricting access to the sessionToken parameter in the Simple HTTP API until a patch is available.
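As an added illustration (not CloverDX's code; the token shape, the endpoint path and the log lines are constructed assumptions), the following Python contrasts the reflection pattern behind this class of issue with a hardened handler that validates sessionToken against a strict shape and HTML-encodes it, and adds a log check that supports the workaround above:

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed token shape (constructed; CloverDX's real format is not on the page):
# an opaque identifier of letters, digits, '-' and '_'.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,128}")


def vulnerable_handler(query: str) -> str:
    """Vulnerable pattern: sessionToken is echoed into HTML verbatim,
    so any markup in the parameter lands in the response."""
    token = parse_qs(query).get("sessionToken", [""])[0]
    return f"<p>Invalid session token: {token}</p>"


def hardened_handler(query: str) -> str:
    """Hardened pattern: reject tokens that do not match the expected
    shape, and HTML-encode anything that is reflected at all."""
    token = parse_qs(query).get("sessionToken", [""])[0]
    if not TOKEN_RE.fullmatch(token):
        return "<p>Invalid session token.</p>"  # never echo a malformed value
    return f"<p>Invalid session token: {html.escape(token)}</p>"


def suspicious_session_tokens(access_log: str) -> list[str]:
    """Detection: return sessionToken values in an access log that do not
    look like tokens (percent-encoding is decoded by parse_qs)."""
    hits = []
    for line in access_log.splitlines():
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        for token in parse_qs(urlsplit(m.group(1)).query).get("sessionToken", []):
            if not TOKEN_RE.fullmatch(token):
                hits.append(token)
    return hits


# Constructed access-log sample; /API_PATH is a placeholder, not a real route.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Jun/2021:10:00:00 +0000] "GET /API_PATH/method?sessionToken=A1b2A1b2A1b2A1b2A1b2 HTTP/1.1" 200 12
10.0.0.9 - - [09/Jun/2021:10:00:01 +0000] "GET /API_PATH/method?sessionToken=%3Ci%3Ex%3C/i%3E HTTP/1.1" 200 40
10.0.0.9 - - [09/Jun/2021:10:00:02 +0000] "GET /API_PATH/status HTTP/1.1" 200 5
"""

if __name__ == "__main__":
    print(suspicious_session_tokens(SAMPLE_LOG))  # ['<i>x</i>']
```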

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-30133

Affected Products

Cloverdx
Cloverdx Server