Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the substr parameter, which is output in the metrics.erb view of the Web UI without encoding. This reflected cross-site scripting attack can target users of the victim application or others hosted on the sam...