CVE-2021-41391

Name of the Vulnerable Software and Affected Versions Ericsson ECM versions prior to 18.0

Description The Security Management Endpoint in the User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.

Recommendations For versions prior to 18.0, update to version 18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Management Endpoint in the User Profile Management Section to minimize the risk of exploitation. Avoid using the name field in a way that could introduce malicious content until the issue is resolved.