Cross-site Scripting (XSS) Vulnerability

This document describes the Cross-site Scripting (XSS) vulnerability discovered in Patch Manager Plus Cloud by Roberto Nunes.

This vulnerability does not affect Patch Manager Plus on-premises.

What was the problem?

The XSS vulnerability potentially allows remote attackers to inject client-side scripts (malicious payload) into the Add computer webpage.

What is the cause of this issue?

This issue was caused by improper sanitization of the computer name.
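
The class of defect described above, shown as an added example that is not the vendor's code or its actual fix: a computer name is checked against an allow-list when it is submitted and HTML-encoded when it is rendered. The function names, the RFC 1123 hostname rule and the table-cell markup are assumptions made for illustration.

```javascript
// Added example. All names, limits and markup below are assumptions,
// not taken from Patch Manager Plus.

// Allow-list for one hostname label (RFC 1123): 1-63 letters, digits or
// hyphens, with no hyphen in the first or last position.
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

// Input validation: reject anything that is not a plausible computer name.
function isValidComputerName(name) {
  if (typeof name !== "string" || name.length === 0 || name.length > 253) return false;
  return name.split(".").every((label) => LABEL.test(label));
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: neutralise HTML metacharacters for element and attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the stored name is concatenated straight into markup.
function renderRowUnsafe(name) {
  return '<td class="computer">' + name + "</td>";
}

// Corrected form: the name is encoded at the point of output, so a value
// that slipped past validation (or predates it) is still displayed as text.
function renderRowSafe(name) {
  return '<td class="computer">' + escapeHtml(name) + "</td>";
}

// Server-side handler sketch: validate before the name is ever stored.
function addComputer(inventory, name) {
  if (!isValidComputerName(name)) return { ok: false, error: "invalid computer name" };
  inventory.push(name);
  return { ok: true };
}

// Constructed sample inputs: two ordinary names and two markup-bearing ones.
const samples = ["WKS-0042", "build01.corp.example", "<script>alert(1)</script>", 'pc"onmouseover="x'];

function demo() {
  const inventory = [];
  return samples.map((name) => ({
    name,
    accepted: addComputer(inventory, name).ok,
    safeHtml: renderRowSafe(name),
  }));
}

console.log(demo());
```

Validation and encoding are complementary: the allow-list keeps bad data out of storage, while encoding at render time protects every page that later displays the value.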

Resolution

The fix for the vulnerability is available and has been live since the 25th of September 2020.