CVE-2021-46355

Name of the Vulnerable Software and Affected Versions OCS Inventory version 2.9.1

Description The issue affects OCS Inventory, allowing an attacker to exploit a Cross Site Scripting (XSS) vulnerability. To exploit this, the attacker must manipulate the name of a device, such as a printer, by replacing it with malicious code that enables the execution of Stored Cross-site Scripting (XSS).

Recommendations For OCS Inventory version 2.9.1, consider restricting the ability to modify device names to prevent the introduction of malicious code until a patch is available. As a temporary workaround, monitor device name changes closely to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.