Iratechiapet

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2.

**Name of the Vulnerable Software and Affected Versions** Open OnDemand versions prior to 4.0.9 Open OnDemand versions prior to 4.1.3 **Description** The Files application in Open OnDemand is susceptible to malicious input when navigating to a directory. This issue affects installations prior to versions 4.0.9 and 4.1.3. **Recommendations** Update to Open OnDemand version 4.0.9 or later. Update to Open OnDemand version 4.1.3 or later.