PT-2022-11702 · Insta Hms · Insta Hms

Published: 2022-01-06 · Updated: 2022-01-11 · CVE-2021-42841

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Insta HMS versions prior to 12.4.10

Description

The issue arises from improper validation of user-supplied input by multiple scripts, leading to a potential XSS attack. A remote attacker could exploit this via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site. This could allow the attacker to steal the victim's cookie-based authentication credentials.

Recommendations

For versions prior to 12.4.10, update to version 12.4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable scripts to minimize the risk of exploitation. Avoid opening crafted URLs that could trigger the execution of malicious scripts in the victim's Web browser.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-42841

Affected Products

Insta Hms