Zenoss · Zenoss Dashboard · CVE-2018-25063
**Name of the Vulnerable Software and Affected Versions**
Zenoss Dashboard versions up to 1.3.4
**Description**
A vulnerability was found in the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js; the affected functionality within that file is unknown. Manipulating the `HTMLString` argument leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 addresses this issue.
**Recommendations**
For Zenoss Dashboard versions up to 1.3.4, upgrade to version 1.3.5 to address the issue. As a temporary workaround, consider restricting access to the vulnerable file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js until the upgrade is applied.