PT-2019-11607 · Red Hat · Cloudforms

Published: 2019-06-27 · Updated: 2020-09-30 · CVE-2019-10177

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: CloudForms versions 5.9 through 5.10
Description: A stored cross-site scripting (XSS) issue was discovered in the PDF export component due to improper sanitization of user input. This allows an attacker with minimal privileges to execute an XSS attack against other users, potentially leading to malicious code execution and the extraction of anti-CSRF tokens from higher-privileged users.
Recommendations: For CloudForms versions 5.9 and 5.10, update to a version that properly sanitizes user input in the PDF export component to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-10177

Affected Products

Cloudforms