Benedikt Haußner

Researcher at mgm security partners
#47012 of 53,635
5.4 total CVSS
Vulnerabilities · 1
PT-2023-24961
5.4
2023-09-05
IsarNet AG · IsarFlow · CVE-2023-34637

**Name of the Vulnerable Software and Affected Versions**

IsarNet AG IsarFlow version 5.23

**Description**

A stored cross-site scripting (XSS) vulnerability allows authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `dashboard title` parameter in the IsarFlow Portal. This issue enables attackers to inject malicious code, potentially leading to unauthorized actions or data exposure.

**Recommendations**

For IsarNet AG IsarFlow version 5.23, consider disabling the dashboard title parameter until a patch is available to prevent exploitation. Restrict access to the IsarFlow Portal to minimize the risk of arbitrary web script execution. Avoid using the `dashboard title` parameter in the affected portal until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.