Key Information

Vulnerability Type
Cross-Site Scripting (XSS): Reflected Cross-Site Scripting

Affected Versions
Affected Versions: <= 3.4.2
Fixed Version: 3.4.3

Vulnerability Details
Vulnerable Endpoint:
Parameter:
Description: The application fails to validate and sanitize user input in the parameter, allowing malicious script injection.

PoC (Proof of Concept)
Payload:
Request Example:

Impact
User Actions: Attackers can perform any action that the user is authorized to do.
Data Theft: Attackers can steal data or install malware on the user’s machine.
Account Hijacking: Attackers can manipulate or steal cookies, or leak sensitive information.
Malicious Code Execution: Attackers can execute malicious code on the user’s system.
Reputation Damage: Attackers can defame the company’s website or spread false information.
Misdirection: Attackers can alter instructions given to users; if the target is a government website or provides critical resources, this could be extremely dangerous.

CVSS Score
Severity: Medium (6.4/10)

CVE ID
CVE-2025-53377

Weakness
CWE-79