CVE-2018-25063

Name of the Vulnerable Software and Affected Versions Zenoss Dashboard versions up to 1.3.4

Description A vulnerability was found in an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the HTMLString argument leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue.

Recommendations For Zenoss Dashboard versions up to 1.3.4, upgrade to version 1.3.5 to address the issue. As a temporary workaround, consider restricting access to the vulnerable file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js until the upgrade is applied.