CVE-2020-36654

Name of the Vulnerable Software and Affected Versions GENI Portal (affected versions not specified)

Description A problematic vulnerability has been found in GENI Portal, affecting the function no invocation id error of the file portal/www/portal/sliceresource.php. The manipulation of the arguments invocation id and invocation user leads to cross-site scripting. It is possible to initiate the attack remotely.

Recommendations To fix this issue, it is recommended to apply a patch named 39a96fb4b822bd3497442a96135de498d4a81337. As a temporary workaround, consider disabling the no invocation id error function until a patch is available. Restrict access to the sliceresource.php file to minimize the risk of exploitation. Avoid using the arguments invocation id and invocation user in the affected function until the issue is resolved.