Amy K. Farrell

**Name of the Vulnerable Software and Affected Versions** Ushahidi Platform versions prior to 2.5 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities are located in the application/views/admin/layout.php and themes/default/views/header.php files. They allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name. **Recommendations** For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the layout.php and header.php files to minimize the risk of exploitation. Avoid using the site name field in a way that could allow injection of malicious scripts until the issue is resolved.