Vulnerability Database
296,747
Total vulnerabilities in the database
CVE-2022-22999
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components.
| Software | From | Fixed in |
|---|---|---|
| westerndigital / my_cloud_pr2100_firmware | - | 5.23.114 |
| westerndigital / my_cloud_pr4100_firmware | - | 5.23.114 |
| westerndigital / my_cloud_ex4100_firmware | - | 5.23.114 |
| westerndigital / my_cloud_ex2_ultra_firmware | - | 5.23.114 |
| westerndigital / my_cloud_mirror_g2_firmware | - | 5.23.114 |
| westerndigital / my_cloud_dl2100_firmware | - | 5.23.114 |
| westerndigital / my_cloud_dl4100_firmware | - | 5.23.114 |
| westerndigital / my_cloud_ex2100_firmware | - | 5.23.114 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime