There is a verified XSS vulnerability in the "name" variable for uploaded patch files. There is no input sanitization on the data contained in "name" which allows for injection of javascript code that could be utilized by an attacker.
Further exacerbating this issue is lack of authentication controls in the patch server software.
There is a verified XSS vulnerability in the "name" variable for uploaded patch files. There is no input sanitization on the data contained in "name" which allows for injection of javascript code that could be utilized by an attacker.
Further exacerbating this issue is lack of authentication controls in the patch server software.