CVE-2022-36304

Name of the Vulnerable Software and Affected Versions Vesta versions 1.0.0 through 1.0.5

Description A cross-site scripting (XSS) issue was found in Vesta via the generate response function at the "/web/api/v1/upload/UploadHandler.php" API endpoint. This allows for potential exploitation.

Recommendations For Vesta versions 1.0.0 through 1.0.5, as a temporary workaround, consider disabling the generate response function until a patch is available. Restrict access to the "/web/api/v1/upload/UploadHandler.php" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.