Corayli

**Name of the Vulnerable Software and Affected Versions** Archon version 3.21 rev-1 **Description** The issue concerns an XSS vulnerability in the `referer` parameter of an `index.php?subjecttypeid=xxx` request, specifically in the `subjects.php` file within the `packages/subjects/pub` directory. This vulnerability allows for potential exploitation. **Recommendations** For Archon version 3.21 rev-1, consider restricting access to the `referer` parameter in the `index.php?subjecttypeid=xxx` request to minimize the risk of exploitation. As a temporary workaround, avoid using the `referer` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.