CVE-2022-1059

Name of the Vulnerable Software and Affected Versions Aethon TUG Home Base Server versions prior to version 24

Description The issue is related to the lack of input data sanitization in the "Загрузки" component of the TUG Home Base Server, which can lead to a remote attacker conducting a cross-site scripting (XSS) attack. An unauthenticated attacker can freely access hashed user credentials.

Recommendations For versions prior to version 24, update to version 24 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Загрузки" component to minimize the risk of exploitation.