Cross-Site Scripting Vulnerability

This document explains the Cross-site Scripting Vulnerability on the DomainList page under proxy settings as reported by Walter.

What was the problem?

This vulnerability allows unauthenticated users to perform stored XSS via pageType and urlType parameters which helps to perform further operations.

How do I fix it?

This has been identified and fixed in Endpoint Central build 10.0.585. To apply this fix, please follow the steps below:

  1. Log in to your Endpoint Central console, click on your current build number on the top-right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.
  3.  

    Keywords: Security Updates, Vulnerabilities, validatedUrls.do