CVE-2022-40004

Name of the Vulnerable Software and Affected Versions Things Board version 3.4.1

Description The issue is related to a Cross Site Scripting (XSS) vulnerability that allows remote attackers to escalate privileges. This is achieved by crafting a URL to the Audit Log.

Recommendations For version 3.4.1, consider restricting access to the Audit Log until a patch is available. As a temporary workaround, avoid using crafted URLs that could exploit the XSS vulnerability in the Audit Log. At the moment, there is no information about a newer version that contains a fix for this vulnerability.