Lxl · Hyperv · CVE-2006-6649
**Name of the Vulnerable Software and Affected Versions**
HyperVM versions 1.2 and earlier
**Description**
A cross-site scripting (XSS) issue in display.php allows remote attackers to inject arbitrary web script or HTML via an encoded `frm action` parameter. The vendor has disputed this issue, but the nature of the dispute is unclear.
**Recommendations**
For HyperVM versions 1.2 and earlier, as a temporary workaround, consider restricting access to the display.php file until a resolution is determined, and avoid using the encoded `frm action` parameter in this file. At the moment, there is no information about a newer version that contains a fix for this issue.