PT-2024-19254 · Western Digital · Wd Cloud Web App+3
Jay Mehta
·
Published
2024-06-24
·
Updated
2024-06-25
·
CVE-2024-22168
CVSS v4.0
5.9
Medium
| Vector | AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
My Cloud web app (affected versions not specified)
My Cloud Home web app (affected versions not specified)
SanDisk ibi web app (affected versions not specified)
WD Cloud web app (affected versions not specified)
Description
A Cross-Site Scripting (XSS) issue was found in the web apps for My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud devices. This could allow an attacker to redirect users to a crafted domain to reset their credentials or execute arbitrary client-side code in the user's browser session for malicious activities.
Recommendations
For My Cloud web app, the web app has been automatically updated to resolve this issue.
For My Cloud Home web app, the web app has been automatically updated to resolve this issue.
For SanDisk ibi web app, the web app has been automatically updated to resolve this issue.
For WD Cloud web app, the web app has been automatically updated to resolve this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
My Cloud Home Web App
My Cloud Web App
Sandisk Ibi Web App
Wd Cloud Web App