CVE-2020-28408

Name of the Vulnerable Software and Affected Versions Dundas BI versions through 8.0.0.1001

Description The issue allows for cross-site scripting (XSS) via an HTML label when creating or editing a dashboard. This occurs because the server in Dundas BI does not properly validate user input, specifically HTML labels, which can lead to the execution of malicious scripts.

Recommendations For Dundas BI versions through 8.0.0.1001, consider disabling the ability to create or edit dashboards with HTML labels until a patch is available. Restrict access to dashboard creation and editing features to minimize the risk of exploitation. Avoid using HTML labels in dashboards until the issue is resolved.