CVE-2021-40959

Name of the Vulnerable Software and Affected Versions MONITORAPP Application Insight Web Application Firewall (AIWAF) versions <= 4.1.6 and <= 5.0

Description A reflected cross-site scripting issue was identified on the subpage "/process management/process status.xhr.php". This issue allows an attacker to inject malicious scripts that execute in the context of the victim's session.

Recommendations For versions <= 4.1.6 and <= 5.0, consider disabling access to the "/process management/process status.xhr.php" subpage until a patch is available. As a temporary workaround, restrict the execution of scripts on the vulnerable subpage to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.