CVE-2022-30777

Name of the Vulnerable Software and Affected Versions Parallels H-Sphere versions 3.6.2 through 3.6.1713

Description The issue allows for cross-site scripting (XSS) attacks via the index en.php file, specifically through a parameter. This type of attack can enable malicious scripts to be injected into otherwise trusted websites, potentially leading to unauthorized access or control of user sessions.

Recommendations For Parallels H-Sphere versions 3.6.2 through 3.6.1713, as a temporary workaround, consider restricting access to the index en.php file until a patch is available. Avoid using the vulnerable parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.