CVE-2021-31862

Name of the Vulnerable Software and Affected Versions: SysAid version 20.4.74

Description: The issue allows for cross-site scripting (XSS) attacks via the stamp parameter in the "KeepAlive.jsp" page without requiring any authentication. This means an attacker can inject malicious scripts into the webpage, potentially leading to unauthorized access or control of user sessions.

Recommendations: For SysAid version 20.4.74, consider restricting access to the KeepAlive.jsp page or disabling the stamp parameter until a patch is available. As a temporary workaround, avoid using the stamp parameter in the KeepAlive.jsp page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.