Multiple Reflected cross-site scripting (XSS)

More information

Multiple Reflected cross-site scripting (XSS) vulnerabilities exists in the WithSecure Policy Manager due to an unvalidated parameter in the endpoint a remote attacker can provide a malicious input to trigger a XSS vulnerability.

This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.


WithSecure would like to thank following person for bringing this issue to our attention.

Kevin Joensen


  • Fixed
  • Risk level

  • Medium
  • Action required

  • User action is required. The Administrator of the system should download the Hotfix and deploy it to the WithSecure Policy Manager. Hotfix 5 published to fix this vulnerability. Download and instructions on: Please note : Hotfix5 also contains all the fixes contained in the previously published Hotfix3 and Hotfix4.
  • Affected products

  • WithSecure Policy Manager for Windows 15 WithSecure Policy Manager for Linux 15 Please note : WithSecure Policy Manager Proxy 15 is not affected by this vulnerability
  • Platforms

  • All supported platforms for the affected products
  • Date issued

  • 2023-01-09