CVE-2021-33848

Name of the Vulnerable Software and Affected Versions Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3

Description The issue allows an attacker to inject JavaScript in a GET parameter of HTTP requests, performing unauthorized actions such as stealing internal information and performing actions in the context of an authenticated user. This is a reflected cross-site scripting attack.

Recommendations For Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3, consider restricting access to the vulnerable GET parameter until a patch is available. As a temporary workaround, avoid using the vulnerable parameter in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.