Webstudio · Web Studio Ultimate Loan Manager · CVE-2019-14427
**Name of the Vulnerable Software and Affected Versions**
WEB STUDIO Ultimate Loan Manager version 2.0
**Description**
WEB STUDIO Ultimate Loan Manager version 2.0 contains a cross-site scripting (XSS) flaw. It can be exploited by adding a branch under the Branches button and setting the `notes` parameter to crafted JavaScript code.
**Recommendations**
Until a patch is available for WEB STUDIO Ultimate Loan Manager version 2.0, consider a temporary workaround: disable the ability to add branches, or restrict the input accepted for the `notes` parameter to prevent the execution of malicious JavaScript code.
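
One way to apply the input restriction described above, shown as an added example and not code from the vendor or this advisory: a server-side allowlist for `notes`, paired with HTML encoding when the stored value is rendered. The function names, the 500-character limit and the allowed character set are assumptions, and Python is used only for illustration because the page does not state the application's language.

```python
import html
import re
import unicodedata

MAX_NOTES_LEN = 500  # assumed limit; the page gives no field size
# Allowlist of letters, digits, whitespace and plain punctuation.
# Markup characters such as < > " ' & ` = are deliberately absent.
_ALLOWED = re.compile(r"[\w\s.,;:!?()/#%+\-]*")

class RejectedInput(ValueError):
    """Raised when the notes value fails validation."""

def validate_notes(raw: str) -> str:
    """Input-side restriction for the `notes` parameter."""
    # Normalise first so full-width look-alikes are checked in the
    # same form that will be stored.
    value = unicodedata.normalize("NFKC", raw).strip()
    if len(value) > MAX_NOTES_LEN:
        raise RejectedInput("notes too long")
    if not _ALLOWED.fullmatch(value):
        raise RejectedInput("notes contains disallowed characters")
    return value

def render_notes(stored: str) -> str:
    """Output-side encoding for an HTML element body. Applied even to
    validated data, so rows saved before the filter existed are also
    rendered as inert text."""
    return html.escape(stored, quote=True)

# Constructed sample values, not taken from the advisory.
SAMPLES = [
    "Main branch, opens 9:00-17:00 (Mon/Fri)",
    "<script>alert(1)</script>",
    "\uff1cscript\uff1e",  # full-width brackets fold to < > under NFKC
]

def check_samples():
    """Return (verdict, detail) for each constructed sample."""
    results = []
    for sample in SAMPLES:
        try:
            results.append(("accepted", validate_notes(sample)))
        except RejectedInput as exc:
            results.append(("rejected", str(exc)))
    return results

if __name__ == "__main__":
    for verdict, detail in check_samples():
        print(verdict, "->", render_notes(detail))
```

The input filter alone does not neutralise branch records already stored before it was deployed, which is why the encoding step is applied on every render.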