CVE-2024-3790

4.8 MEDIUM

📋 TL;DR

This stored XSS vulnerability in WBSAirback 21.02.04 allows an attacker with access to the user management interface to inject malicious scripts through user management fields. The stored script runs in the browser of any authenticated administrator who views the affected page and can steal that session's data. Organizations using this specific version of WBSAirback are affected.

💻 Affected Systems

Products:
  • WBSAirback
Versions: 21.02.04
Operating Systems: Linux-based systems where WBSAirback is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version 21.02.04; requires access to admin interface at /admin/SystemUsers

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of administrative accounts leading to full system takeover, data theft, and potential ransomware deployment.

🟠 Likely Case: Session hijacking allowing unauthorized access to administrative functions and potential data exfiltration.

🟢 If Mitigated: Limited impact with proper input validation and output encoding preventing script execution.

🌐 Internet-Facing: MEDIUM - Requires authenticated access but can be exploited remotely if admin interface is exposed.
🏢 Internal Only: MEDIUM - Internal attackers with access to admin interface can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to admin interface; exploitation involves injecting scripts into user management fields

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version later than 21.02.04

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download the latest WBSAirback version from the vendor.
3. Follow the vendor upgrade documentation.
4. Restart WBSAirback services.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation for the login, description, passwd1, and passwd2 fields, and encode these values for HTML when they are rendered, since stored XSS is only prevented if the stored value cannot be interpreted as markup on output

Content Security Policy

all

Implement strict CSP headers to prevent script execution from untrusted sources

Add the header "Content-Security-Policy: default-src 'self'; script-src 'self'" to the web server configuration. This policy blocks inline scripts, including injected ones, so any inline scripts the application itself relies on must be tested before the policy is enforced

🧯 If You Can't Patch

  • Restrict access to /admin/SystemUsers interface using network ACLs or firewall rules
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check WBSAirback version via admin interface or configuration files; version 21.02.04 is vulnerable

Check Version:

Check WBSAirback web interface or configuration files for version information

Verify Fix Applied:

Verify that the version is later than 21.02.04, then confirm that a harmless test string entered in the affected user management fields is rendered as text and no longer executes as script

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript in user management fields
  • Multiple failed login attempts followed by successful admin login

Network Indicators:

  • HTTP POST requests to /admin/SystemUsers with script payloads
  • Unexpected outbound connections from WBSAirback server

SIEM Query:

source="wbsairback.log" AND ("script" OR "javascript" OR "onload" OR "onerror") AND uri="/admin/SystemUsers"
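
As an added example (not from the advisory or the vendor), the following Python script applies the detection logic above to constructed request-log lines: it flags POST requests to /admin/SystemUsers whose login, description, passwd1 or passwd2 fields contain script markers. It assumes a log format of "<client ip> <method> <path> <form body>" in which form bodies are recorded; real logs should mask password fields before they are written.

```python
import re
from urllib.parse import parse_qs

# Fields the advisory names as injection points on /admin/SystemUsers
WATCHED_FIELDS = ("login", "description", "passwd1", "passwd2")
# Markers from the advisory's SIEM query (script, javascript, onload, onerror)
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript:|\bon(?:load|error)\s*=", re.IGNORECASE)

# Constructed sample log; assumed format: "<client ip> <method> <path> <form body>"
SAMPLE_LOG = """\
10.0.0.5 POST /admin/SystemUsers login=backupop&description=nightly+operator&passwd1=x&passwd2=x
10.0.0.9 POST /admin/SystemUsers login=ops&description=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&passwd1=x&passwd2=x
10.0.0.9 POST /admin/SystemUsers login=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&description=hi&passwd1=x&passwd2=x
10.0.0.7 GET /admin/SystemUsers
10.0.0.7 POST /admin/Settings description=%3Cscript%3E
"""


def parse_line(line):
    """Split one log line into ip, method, path and decoded form fields."""
    parts = line.split(" ", 3)
    if len(parts) < 3:
        return None
    body = parts[3] if len(parts) == 4 else ""
    # parse_qs URL-decodes values, so %3Cscript%3E is compared as <script>
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return {"ip": parts[0], "method": parts[1], "path": parts[2], "fields": fields}


def find_suspicious(log_text):
    """Return (ip, field, decoded value) for every watched field carrying a script marker."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Only writes to the vulnerable user-management endpoint are of interest
        if not rec or rec["method"] != "POST" or rec["path"] != "/admin/SystemUsers":
            continue
        for field in WATCHED_FIELDS:
            value = rec["fields"].get(field, "")
            if SCRIPT_MARKERS.search(value):
                findings.append((rec["ip"], field, value))
    return findings


if __name__ == "__main__":
    for ip, field, value in find_suspicious(SAMPLE_LOG):
        print(f"{ip} wrote script marker into '{field}': {value!r}")
```

Matching on decoded values matters because the raw query string (e.g. "%3Cscript%3E") never contains the literal word "script" that the SIEM query above looks for.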
