Charles H

**Name of the Vulnerable Software and Affected Versions** Maximus SchoolMAX versions 4.0.1 and earlier iCue versions prior to 4.0.1 iParent versions prior to 4.0.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `error msg` parameter in the icue login.asp file. **Recommendations** For Maximus SchoolMAX version 4.0.1 and earlier, update to a version later than 4.0.1. For iCue versions prior to 4.0.1, update to a version later than 4.0.1. For iParent versions prior to 4.0.1, update to a version later than 4.0.1. As a temporary workaround, consider restricting access to the icue login.asp file until a patch is available. Avoid using the `error msg` parameter in the affected icue login.asp file until the issue is resolved.