CVE-2020-19515

Name of the Vulnerable Software and Affected Versions: qdPM version 9.1

Description: The issue is related to Cross Site Scripting (XSS) via the database config.php file in the qdPMinstallmodules directory. This allows for potential malicious script execution.

Recommendations: For qdPM version 9.1, consider restricting access to the database config.php file until a patch is available. As a temporary workaround, avoid using the qdPMinstallmodulesdatabase config.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.