CVE-2020-25140

Name of the Vulnerable Software and Affected Versions Observium Professional, Enterprise & Community version 20.8.10631

Description The issue allows for Cross-Site Scripting (XSS) due to the possibility of injecting and storing malicious JavaScript code. This can occur in the pages/contacts.inc.php file.

Recommendations For version 20.8.10631, consider restricting access to the pages/contacts.inc.php file until a patch is available. As a temporary workaround, avoid using the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.