CVE-2018-16960

Name of the Vulnerable Software and Affected Versions Open XDMoD versions prior to 7.5.0

Description An issue was discovered in Open XDMoD, where the html/gui/general/login.php endpoint has a Reflected XSS vulnerability via the xd user formal name parameter.

Recommendations For Open XDMoD versions prior to 7.5.0, update to version 7.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the html/gui/general/login.php endpoint until a patch is available. Avoid using the xd user formal name parameter in the affected endpoint until the issue is resolved.