CVE-2022-22999

Name of the Vulnerable Software and Affected Versions Western Digital My Cloud devices (affected versions not specified)

Description The issue allows a malicious user with elevated privileges to construct and inject JavaScript payloads into an authenticated user's browser, potentially gaining control over the authenticated session, stealing data, modifying settings, or redirecting the user to malicious websites. The scope of impact can extend to other components.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.