CVE-2024-3796

4.8 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in WBSAirback 21.02.04 allows an attacker with admin access to inject malicious scripts into the description field of the BackupSchedule admin page. When an administrator views the compromised backup schedule, the script executes in their browser context, potentially stealing session cookies or performing actions as the administrator. All WBSAirback 21.02.04 installations are affected; exploitation requires admin access.

💻 Affected Systems

Products:
  • WBSAirback
Versions: 21.02.04
Operating Systems: Linux-based systems where WBSAirback runs
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to /admin/BackupSchedule endpoint. All default installations of version 21.02.04 are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Administrator session hijacking leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Session cookie theft allowing an attacker to impersonate administrators and access backup management functions.

🟢 If Mitigated: Limited impact if proper input validation and output encoding are implemented.

🌐 Internet-Facing: MEDIUM - Requires admin access, but can be exploited remotely if the admin interface is exposed.
🏢 Internal Only: MEDIUM - Internal attackers with admin credentials, or who obtain them through social engineering, could exploit it.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin privileges to inject the XSS payload into the description field. The attack is stored (persistent): the payload runs each time an administrator views the affected backup schedule.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version later than 21.02.04

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download the latest WBSAirback version from the vendor.
3. Install the update following vendor documentation.
4. Restart WBSAirback services.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (platform: linux)

Implement server-side input validation to sanitize description field inputs.

# Requires modifying WBSAirback source code to add input sanitization

Web Application Firewall (WAF) (platform: all)

Deploy a WAF with XSS protection rules to block malicious payloads.

# Configure WAF rules to detect and block XSS patterns in POST requests to /admin/BackupSchedule

🧯 If You Can't Patch

  • Restrict admin interface access to trusted IP addresses only using firewall rules.
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact.

🔍 How to Verify

Check if Vulnerable:

Check WBSAirback version via admin interface or configuration files. If version is 21.02.04, system is vulnerable.

Check Version:

grep -i version /path/to/wbsairback/config/files or check admin dashboard

Verify Fix Applied:

After the update, verify that the reported version is newer than 21.02.04 and confirm that script markup entered in the description field is encoded or rejected rather than rendered.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /admin/BackupSchedule with script tags or JavaScript in parameters
  • Multiple failed login attempts followed by admin access

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in description parameter

SIEM Query:

source="web_logs" AND uri_path="/admin/BackupSchedule" AND (description CONTAINS "<script>" OR description CONTAINS "javascript:")
