WDC-21001 My Cloud, My Cloud Home and SanDisk ibi Firmware Version 4.13.0

My Cloud, My Cloud Home and SanDisk ibi Web Version 4.13.0

WDC Tracking Number: WDC-21001
Product Line: My Cloud, My Cloud Home and SanDisk ibi
Published: January 19, 2021

Last Updated: January 19, 2021

Description

A reflected XSS vulnerability was addressed in My Cloud, My Cloud Home and SanDisk ibi cloud services which could allow an attacker to execute arbitrary client-side code in the user's browser session or allow the attacker to modify the session cookie with a payload that could take over a victim's browser.

Site Impact

Minimum Fix Version

Last Updated

os5.mycloud.com

4.13.0

January 19, 2021

home.mycloud.com

4.13.0

January 19, 2021

ibi.sandisk.com

4.13.0

January 19, 2021

Advisory Summary

Resolved the XSS vulnerability by data filtering and encoding.
Affected cloud service URLs include os5.mycloud.com, home.mycloud.com and ibi.sandisk.com. The vulnerability is fixed in the latest updated version 4.13.0

Reported by: Frantisek Uhrecky from Citadelo

Add up to 4 products

{{ skuObj.title.length

Compare

Details & Exclusions

A Note to Our Customers

Looking to Create a New Account?

A Note to Our Business Customers

Looking to Create a New Business Account?

A Note to Our Business Customers

A Note to Our Customers

Sign In

Sign In for Business

Resend Verification Email

Reset Password

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

My Cloud, My Cloud Home and SanDisk ibi Web Version 4.13.0

Description

Advisory Summary

News and updates straight to your inbox