This document will explain you about the unwanted HTML injection (CVE-2019-16962) in custom reports.
This vulnerability allows authenticated users to inject arbitrary HTML code in the Report Name parameter.
This has been identified and fixed in Endpoint Central build 10.0.486. To apply this fix, follow the steps below:
Keywords: Security Updates, Vulnerabilities and Fixes.