CVE-2022-45176

Name of the Vulnerable Software and Affected Versions LIVEBOX Collaboration vDesk versions through v018

Description An issue in the web application allows Stored Cross-site Scripting (XSS) to occur under the "/api/v1/getbodyfile" endpoint via the uri parameter. The application does not properly check parameters sent in HTTP requests before saving them on the server. Crafted JavaScript content can then be reflected back to the end user and executed by the web browser.

Recommendations For versions through v018, as a temporary workaround, consider restricting access to the "/api/v1/getbodyfile" endpoint to minimize the risk of exploitation. Avoid using the uri parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.