Steven Roddis

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `user agent` variable, which is likely obtained from the User-Agent HTTP header, and possibly the `ip resolved` variable. **Recommendations** For TorrentFlux version 2.1, consider restricting access to the admin.php file until a fix is available, and avoid using the `user agent` and `ip resolved` variables in sensitive operations to minimize the risk of exploitation.