CVE-2021-3150

Name of the Vulnerable Software and Affected Versions Cryptshare Server versions prior to 4.8.1

Description A cross-site scripting (XSS) issue exists on the Delete Personal Data page, allowing an attacker to inject arbitrary web script or HTML via the user name. This enables the attacker to potentially execute malicious code on the victim's browser. The issue is fixed in version 4.8.1.

Recommendations For Cryptshare Server versions prior to 4.8.1, update to version 4.8.1 to resolve the issue. As a temporary workaround, consider restricting access to the Delete Personal Data page until the update is applied.