This document will explain about the Cross-site Scripting (XSS) vulnerability which was discovered in Patch Manager Plus Cloud by Roberto Nunes.
This vulnerability does not affect Patch Manager Plus on-premises
The XSS vulnerability potentially allows remote attackers to inject client-side scripts (malicious payload) into the Add computer webpage.
This issue was due to Improper sanitization of computer name.
The fix for the vulnerability is available and has been live since the 25th of September 2020.
