Stored XSS in field name data model
Summary An attacker with admin access to the appliance can inject malicious code that will later be executed by another legitimate users. This allows an attacker to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible using the field name when adding new...