Karm Karm

**Name of the Vulnerable Software and Affected Versions** mod cluster versions prior to 1.3.2.Alpha1 **Description** A cross-site scripting (XSS) issue exists in the manager web interface, allowing remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. This could potentially lead to unauthorized access or control of the affected system. **Recommendations** For versions prior to 1.3.2.Alpha1, update to version 1.3.2.Alpha1 or later to resolve the issue. As a temporary workaround, consider restricting access to the manager web interface to minimize the risk of exploitation.