My Cloud - files.mycloud.com XSS Vulnerability
WDC Tracking Number: WDC-21010
Product Line: My Cloud
Published: August 8, 2021
Last Updated: August 8, 2021
A XSS vulnerability was addressed in the My Cloud - files.mycloud.com website which could allow an attacker to execute arbitrary client-side code in the user’s browser session or to modify the session cookie with a payload that could take over a victim's browser.
Resolved the XSS vulnerability by data filtering and encoding. The vulnerability is fixed and deployed as of August 8, 2021.
Western Digital would like to thank Mor David (Cyber Security Researcher) for reporting this issue.