CVE-2022-24692

Name of the Vulnerable Software and Affected Versions DSK DSKNet versions 2.16.136.0 through 2.17.136.5

Description An issue was discovered in the new menu option within the general Parameters page, which is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side code execution.

Recommendations For versions 2.16.136.0 through 2.17.136.5, consider disabling the new menu option within the general Parameters page until a patch is available to prevent stored XSS attacks. Restrict access to the Parameters page to minimize the risk of exploitation. Avoid using the vulnerable menu option in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.