Skip to content

Reflected XSS with dashboard calendar

Moderate
PierreRambaud published GHSA-m2x6-c2c6-pjrx Apr 20, 2020

Package

No package listed

Affected versions

> 1.6.0.0

Patched versions

1.7.6.5

Description

Impact

Reflected XSS with date_from and date_to parameters in the dashboard page

Patches

This problem is fixed in 1.7.6.5

References

Cross-site Scripting (XSS) - Reflected (CWE-79)
Introduce by this commit bedcacf0b45c47d77d0d20b677a04d84876b62d5

Severity

Moderate

CVE ID

CVE-2020-5271

Weaknesses

No CWEs