Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
16 lines (8 sloc) 702 Bytes


Vendor: Center for Computational Research, University at Buffalo

Product: Open XDMoD

Affected versions: < 8.0

Open XDMoD is an open source tool to facilitate the management of high performance computing resources. It is widely deployed at academic, industrial, and government HPC centres. The web interface is written in PHP. The vulnerabilities discussed in this report have been discovered in version 7.5, and will be addressed in the upcoming 8.0 release.


There is a XSS opportunity in "/html/gui/general/login.php" which can be exploited by providing a malicious payload for the "xd_user_formal_name" parameter.

See also CVE-2018-16988, CVE-2018-16961.

You can’t perform that action at this time.