CVE-2021-35200

Name of the Vulnerable Software and Affected Versions: NETSCOUT nGeniusONE version 6.3.0 build 1196

Description: The issue allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. This means that an attacker with high privileges could potentially inject malicious scripts into the system, which would then be executed by other users, allowing the attacker to steal user sessions, deface websites, or redirect the user to malicious sites.

Recommendations: For NETSCOUT nGeniusONE version 6.3.0 build 1196, consider restricting access to the FDSQueryService to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of users who have access to this service to reduce the potential impact of a Stored Cross-Site Scripting attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.