CVE-2024-3791

Name of the Vulnerable Software and Affected Versions WBSAirback version 21.02.04

Description The issue is a stored Cross-Site Scripting (XSS) vulnerability. It occurs through the /admin/SystemConfiguration endpoint, specifically in the name and free memory limit fields, and the type and password parameters. This could allow a remote user to send a specially crafted URL to the victim and steal their session data.

Recommendations For WBSAirback version 21.02.04, consider disabling access to the /admin/SystemConfiguration endpoint until a patch is available. Restrict input for the name and free memory limit fields, as well as the type and password parameters, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.