My Cloud, My Cloud Home and SanDisk ibi Web Version 4.13.0


WDC Tracking Number: WDC-21001
Product Line: My Cloud, My Cloud Home and SanDisk ibi
Published: January 19, 2021

Last Updated: January 19, 2021

Description

A reflected XSS vulnerability was addressed in the My Cloud, My Cloud Home and SanDisk ibi cloud services. It could allow an attacker to execute arbitrary client-side code in the user's browser session, or to modify the session cookie with a payload that could take over a victim's browser.

Site Impact          Last Updated
os5.mycloud.com      4.13.0
home.mycloud.com     4.13.0
ibi.sandisk.com      4.13.0

Advisory Summary

Resolved the XSS vulnerability by data filtering and encoding.
Affected cloud service URLs include os5.mycloud.com, home.mycloud.com and ibi.sandisk.com. The vulnerability is fixed in the latest updated version, 4.13.0.

Reported by: Frantisek Uhrecky from Citadelo