CVE-2018-7633

Name of the Vulnerable Software and Affected Versions Epicentro versions 7.3.2 and later

Description The issue concerns code injection in the "/ui/login" form, specifically through the Language parameter, allowing attackers to execute JavaScript code. This is achieved by manipulating a user into issuing a POST request to the vulnerable endpoint.

Recommendations For Epicentro versions 7.3.2 and later, as a temporary workaround, consider restricting access to the "/ui/login" form or disabling the Language parameter until a patch is available. Avoid using the Language parameter in the affected API endpoint until the issue is resolved.