My Cloud - XSS Vulnerability

WDC Tracking Number: WDC-21006
Product Line: My Cloud
Published: May 20, 2021

Last Updated:  May 20, 2021


A XSS vulnerability was addressed in the My Cloud - which could allow an attacker to execute arbitrary client-side code in the user's browser session or allow the attacker to modify the session cookie with a payload that could take over a victim's browser.

Site Impact
May 20, 2021

Advisory Summary

Resolved the XSS vulnerability by data filtering and encoding. The vulnerability is fixed and deployed as of May 20, 2021.

Reported by: Brian Carpenter, Principal Researcher from Geeknik Labs