PT-2021-11056 · Hitachi Vantara · Pentaho
Published
2021-01-29
·
Updated
2021-02-04
·
CVE-2020-24664
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Hitachi Vantara Pentaho versions 7.x through 8.x
Description:
The dashboard Editor in Hitachi Vantara Pentaho contains a reflected Cross-site scripting issue, allowing authenticated remote users to execute arbitrary JavaScript code. The vulnerability is specifically located in the
pho:title attribute of the dashboardXml parameter.Recommendations:
For versions prior to 7.1.0.25, update to version 7.1.0.25 or later.
For versions prior to 8.2.0.6, update to version 8.2.0.6 or later.
For versions prior to 8.3.0.0 GA, update to version 8.3.0.0 GA or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pentaho