CVE-2022-27494

Name of the Vulnerable Software and Affected Versions Aethon TUG Home Base Server versions prior to version 24

Description The issue is related to the lack of input data sanitization in the "Reports" component of the TUG Home Base Server, which can allow a remote attacker to conduct a cross-site scripting (XSS) attack. Additionally, an unauthenticated attacker can freely access hashed user credentials.

Recommendations For versions prior to 24, update to version 24 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Reports" component until a patch is available. Avoid using the TUG Home Base Server with untrusted input data until the issue is resolved.