Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.
[
{
"product": "LabKey Server Community Edition",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "Versions before 18.3.0-61806.763"
}
]
}
]