Ljj

#43703 of 53,633
6.1 total CVSS
Vulnerabilities · 1
PT-2016-6230
6.1
2016-12-13
Netflix · Ngrinder · CVE-2016-5060
**Name of the Vulnerable Software and Affected Versions**

nGrinder versions prior to 3.4

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML via the `description`, `email`, or `username` parameter to the "user/save" endpoint. This can lead to cross-site scripting (XSS) attacks.

**Recommendations**

For versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider restricting user input for the `description`, `email`, and `username` parameters to minimize the risk of exploitation. Avoid using these parameters in the "user/save" endpoint until the issue is resolved.