My Cloud - files.mycloud.com XSS Vulnerability


WDC Tracking Number: WDC-21010
Product Line: My Cloud
Published: August 8, 2021

Last Updated: August 8, 2021

Description

A XSS vulnerability was addressed in the My Cloud - files.mycloud.com website which could allow an attacker to execute arbitrary client-side code in the user’s browser session or to modify the session cookie with a payload that could take over a victim's browser.

Site Impact
Last Updated
files.mycloud.com
August 8, 2021

Advisory Summary

Resolved the XSS vulnerability by data filtering and encoding. The vulnerability is fixed and deployed as of August 8, 2021.

Western Digital would like to thank Mor David (Cyber Security Researcher) for reporting this issue.

Compare