My Cloud Web Apps Vulnerability: XSS Flaw Exposes User Data
CVE-2024-22168

Currently unrated

Key Information:

Vendor: Western Digital
Status: My Cloud Home Web App; Ibi Web App; Wd Cloud Web App; My Cloud Web App
Vendor: CVE Published:; 24 June 2024

🔔 Create Western Digital Vulnerability Alert

What is CVE-2024-22168?

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry out malicious activities.The web apps for these devices have been automatically updated to resolve this vulnerability and improve the security of your devices and data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ibi web app 0 < 4.28.0-102

My Cloud Home web app 0 < 4.28.0-102

My Cloud web app 0 < 4.28.0-102

References

https://www.westerndigital.com/support/product-security/w...

Timeline

Vulnerability published
Jun 24, 2024
Vulnerability Reserved
Jan 5, 2024

Credit

Western Digital would like to thank Jay Mehta for reporting this issue

JSON

Western Digital