CVE-2020-18468

Name of the Vulnerable Software and Affected Versions: qdPM version 9.1

Description: A Cross Site Scripting (XSS) issue exists in the Heading field found in the Login Page under the General menu. This can be exploited via a crafted website name by doing an authenticated POST HTTP request to "/qdPM 9.1/index.php/configuration".

Recommendations: For qdPM version 9.1, as a temporary workaround, consider restricting access to the Heading field in the Login Page until a patch is available. Avoid using crafted website names in the Heading field to minimize the risk of exploitation.