A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
Credits
Abdel Adim `smaury` Oisfi of Shielder (https://www.shielder.com) - research@shielder.com
Paolo Cavaglià of Shielder (https://www.shielder.com) - research@shielder.com
