PT-2021-20268 · SAP · NWDI Notification Service

Published: 2021-09-01 · Updated: 2021-09-28 · CVE-2021-33691

CVSS v3.1: 6.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: NWDI Notification Service versions 7.31, 7.40, 7.50

Description: The issue arises from insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in the victim's session and gain access to some sensitive information.

Recommendations: For versions 7.31, 7.40, 7.50, consider disabling the execution of user-controlled scripts as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. Avoid using the NWDI Notification Service with active user sessions until the issue is resolved.

Fix

XSS

Related Identifiers

CVE-2021-33691

Affected Products

NWDI Notification Service