Primary

Context

Open OnDemand JavaScript Execution Vulnerability in File Browser

Vulnerability

Patched

A vulnerability in Open OnDemand, an open-source high-performance computing portal, allows specially crafted filenames to execute JavaScript in the file browser. This issue affects versions prior to 4.0.11, 4.1.5, and 4.2.2.

Impact

Exploitation of this vulnerability allows for cross-site scripting (XSS) attacks, where an attacker can inject and execute malicious JavaScript in the victim's browser.

Remediation

Users can upgrade to Open OnDemand versions 4.0.11, 4.1.5, or 4.2.2 to address this vulnerability.

Added: May 14, 2026, 3:23 PM

Updated: May 14, 2026, 3:23 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

5.0

remediation

7.7

relevance

8.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

5.0

remediation

7.7

relevance

8.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open OnDemand JavaScript Execution Vulnerability in File Browser

Vulnerability

Impact

Remediation

Affected Products

Open OnDemand

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating