My Cloud - files.mycloud.com XSS Vulnerability
WDC Tracking Number: WDC-19017
Product Line: My Cloud
Published: July 27, 2021
Last Updated: July 27, 2021
A XSS vulnerability was addressed in the My Cloud - files.mycloud.com which could allow an attacker to execute arbitrary client-side code in the user’s browser session or allow the attacker to modify the session cookie with a payload that could take over a victim's browser.
Resolved the XSS vulnerability by data filtering and encoding. The vulnerability is fixed and deployed as of May 2, 2019.
Reported by: Ismail Hossain