CVE-2023-2739

Name of the Vulnerable Software and Affected Versions Gira HomeServer versions up to 4.12.0.220829 beta

Description A problematic issue was found, affecting unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27"><img%20src=x%20onerror=alert(document.cookie)> leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For Gira HomeServer versions up to 4.12.0.220829 beta, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /hslist file to minimize the risk of exploitation. Avoid using the lst argument in the affected file until the issue is resolved.