Statix

**Name of the Vulnerable Software and Affected Versions** List Site Pro version 2.0 **Description** The issue allows remote attackers to hijack user accounts by inserting a "|" (pipe) into the `bannerurl` field, which is used as a field delimiter. **Recommendations** For List Site Pro version 2.0, consider restricting access to the `bannerurl` field to prevent exploitation until a patch is available. As a temporary workaround, avoid using the "|" (pipe) character in the `bannerurl` field.