CVE-2024-3792

Name of the Vulnerable Software and Affected Versions WBSAirback version 21.02.04

Description The issue is a stored Cross-Site Scripting (XSS) vulnerability, which occurs through the /admin/DeviceReplication endpoint, specifically in the execution range field, and affects all parameters. This could allow a remote user to send a specially crafted URL to the victim and steal their session data.

Recommendations For WBSAirback version 21.02.04, consider disabling access to the /admin/DeviceReplication endpoint until a patch is available. As a temporary workaround, restrict the execution range field to minimize the risk of exploitation. Avoid using all parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.