CVE-2024-3793

Name of the Vulnerable Software and Affected Versions WBSAirback version 21.02.04

Description The issue is a stored Cross-Site Scripting (XSS) vulnerability. It occurs through the "/admin/CloudAccounts" API endpoint, specifically in the account name, user password, and server fields, affecting all parameters. This could allow a remote user to send a specially crafted URL to the victim and steal their session data.

Recommendations For WBSAirback version 21.02.04, consider disabling access to the "/admin/CloudAccounts" API endpoint until a patch is available. Additionally, restrict the use of the account name, user password, and server fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.