My Cloud, My Cloud Home and SanDisk ibi Web Version 4.13.0
WDC Tracking Number: WDC-21001
Product Line: My Cloud, My Cloud Home and SanDisk ibi
Published: January 19, 2021
Last Updated: January 19, 2021
Description
A reflected XSS vulnerability was addressed in the My Cloud, My Cloud Home and SanDisk ibi cloud services. It could allow an attacker to execute arbitrary client-side code in the user's browser session, or to modify the session cookie with a payload that could take over a victim's browser.
Advisory Summary
Resolved the XSS vulnerability by data filtering and encoding.
Affected cloud service URLs include os5.mycloud.com, home.mycloud.com and ibi.sandisk.com. The vulnerability is fixed in the latest updated version, 4.13.0.
Reported by: Frantisek Uhrecky from Citadelo