Ozkan Aziz

**Name of the Vulnerable Software and Affected Versions** Mercury SiteScope version 8.1.2.0 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via specific fields, including any field create name field except "create new group name" or any description field. **Recommendations** For Mercury SiteScope version 8.1.2.0, consider restricting access to the create name field and description fields to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mercury SiteScope version 8.1.2.0 Mercury SiteScope version 8.2 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a loss of connectivity to the classic interface. This can be achieved via attempted HTML injection into the `new monitor description` field. **Recommendations** For Mercury SiteScope version 8.1.2.0, avoid using the `new monitor description` field until a fix is available. For Mercury SiteScope version 8.2, restrict access to the `new monitor description` field to prevent HTML injection attempts until a patch is released.