Pachno · Pachno · CVE-2023-47437
**Name of the Vulnerable Software and Affected Versions**
Pachno version 1.0.6
**Description**
A vulnerability has been identified that allows an authenticated attacker to execute a cross-site scripting (XSS) attack. The issue exists due to inadequate input validation in the Project Description and comments, enabling an attacker to inject malicious JavaScript.
**Recommendations**
For Pachno version 1.0.6, consider implementing proper input validation for the Project Description and comments to prevent malicious JavaScript injection. As a temporary workaround, restrict the ability to input JavaScript code in these fields until a patch is available.
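The recommendation above, sketched in Python as an added example (not Pachno's code and not taken from the advisory): `audit_field` flags markup outside an allowlist so stored descriptions and comments can be rejected or triaged, and `render_field` encodes the value on output, which is the control that keeps injected script from running even if the audit misses something. The allowlist, the function names and the sample values are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (not from the advisory): a small inline-markup allowlist.
ALLOWED_TAGS = {"b", "i", "em", "strong", "code", "p", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class FieldAuditor(HTMLParser):
    """Records every tag, attribute or link target outside the allowlist."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute values.
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"disallowed tag <{tag}>")
            return
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.findings.append(f"disallowed attribute {name} on <{tag}>")
            elif name == "href":
                url = (value or "").strip().lower()
                if not url.startswith(SAFE_SCHEMES):
                    self.findings.append("disallowed URL scheme in href")

def audit_field(value):
    """Return findings for one field value; an empty list means it passed."""
    auditor = FieldAuditor()
    auditor.feed(value)
    auditor.close()
    return auditor.findings

def render_field(value):
    """Encode on output so the stored value is displayed as text, never parsed."""
    return escape(value, quote=True)

# Constructed sample values for the two affected field types.
SAMPLES = {
    "project_description": 'Notes for <b>v2</b>: <a href="https://example.org/n">link</a>',
    "comment_script": "<script>alert(1)</script>",
    "comment_link": '<a href="javascript:void(0)" onclick="track()">link</a>',
}

if __name__ == "__main__":
    for field, value in SAMPLES.items():
        print(field, audit_field(value) or "ok", "->", render_field(value))
```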