CVE-2020-24390

Name of the Vulnerable Software and Affected Versions EyesOfNetwork versions prior to 5.3-7

Description The issue is related to improper escaping of the username on the "/module/admin logs" API endpoint, which might allow pre-authentication stored XSS during login/logout logs recording.

Recommendations For versions prior to 5.3-7, update to version 5.3-7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/module/admin logs" page to minimize the risk of exploitation. Avoid using the username variable in the affected API endpoint until the issue is resolved.