Jerry Lee

**Name of the Vulnerable Software and Affected Versions** Internet2 Grouper versions 2.2 through 2.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `code` parameter in the UiV2Public.index component. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For Internet2 Grouper versions 2.2 through 2.3, consider restricting access to the UiV2Public.index component until a patch is available, and avoid using the `code` parameter in this context to minimize the risk of exploitation.