Hitachi Vantara · Hitachi Vantara Pentaho · CVE-2020-24669
Name of the Vulnerable Software and Affected Versions:
Hitachi Vantara Pentaho versions 7.x through 8.x
Description:
The issue is a DOM-based cross-site scripting (XSS) vulnerability that allows authenticated remote users to execute arbitrary JavaScript code. The vulnerable input is the `Analysis Report Description` field in the `About this Report` section.
Recommendations:
For versions 7.x through 8.x, update to version 8.3.0.9, 9.0.0.1, or 9.1.0.0 GA to resolve the issue.
As a temporary workaround until one of these updates can be applied, consider restricting access to the `Analysis Report Description` field in the `About this Report` section.