PT-2021-24029 · Uipath · Uipath App Studio
Published
2021-12-14
·
Updated
2021-12-20
·
CVE-2021-44043
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
UiPath App Studio version 21.4.4
Description:
An issue was discovered in the file-upload functionality for uploading icons when attempting to create new Apps, allowing for a persistent XSS vulnerability. An attacker with minimal privileges can build their own App and upload a malicious file containing an XSS payload by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This enables the file to be stored and retrieved from the server by other users in the same organization.
Recommendations:
For UiPath App Studio version 21.4.4, consider disabling the file-upload functionality for uploading icons until a patch is available to prevent exploitation of the persistent XSS vulnerability. Restrict access to the affected functionality to minimize the risk of exploitation. Avoid using the file-upload feature for uploading icons in the affected version until the issue is resolved.
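The root cause described above is an upload handler that trusts the client-declared MIME type. The following is an added illustration, not UiPath's code, of how an icon-upload endpoint can derive the stored content type from the file bytes alone and serve the result so a browser never interprets it as HTML; the size limit, the accepted formats and the handler names are assumptions.

```python
# Added example (not UiPath code): icon-upload validation that ignores the
# client-declared MIME type. The type that gets stored and later served comes
# only from the file's own leading bytes, so rewriting Content-Type in a
# later request cannot turn an uploaded HTML/SVG file into a trusted image.

# Magic-byte signatures for the raster formats an icon endpoint needs.
# Text-based formats (SVG, HTML) are deliberately absent: they can carry
# script and would turn the icon store into a stored-XSS vector.
_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

MAX_ICON_BYTES = 256 * 1024  # assumed upper bound for an icon file


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for mime, magics in _SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def validate_icon_upload(data: bytes, declared_type: str) -> dict:
    """Decide whether an uploaded icon may be stored.

    `declared_type` (multipart Content-Type or a later request's header) is
    never used to choose the stored type; a mismatch is only surfaced so the
    application can log it as a detection signal.
    """
    if not data or len(data) > MAX_ICON_BYTES:
        return {"accepted": False, "content_type": None, "reason": "size"}
    sniffed = sniff_image_type(data)
    if sniffed is None:
        return {"accepted": False, "content_type": None,
                "reason": "not-a-raster-image"}
    declared = declared_type.split(";")[0].strip().lower()
    return {"accepted": True, "content_type": sniffed, "reason": "ok",
            "declared_mismatch": declared != sniffed}


def icon_response_headers(stored_type: str) -> dict:
    """Headers for serving a stored icon so the browser cannot re-sniff it
    as HTML or run any script from it, even if validation were bypassed."""
    return {
        "Content-Type": stored_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Content-Disposition": "inline; filename=icon",
    }
```

A `declared_mismatch` of `True` for an otherwise valid image is worth alerting on, since a client claiming one type for bytes of another is exactly the manipulation path this advisory describes.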
Fix
XSS
Affected Products
Uipath App Studio