Unknown · AML Surety Eco · CVE-2024-41640
**Name of the Vulnerable Software and Affected Versions**
AML Surety Eco versions up to 3.5
**Description**
The issue allows an attacker to run arbitrary code via a crafted GET request using the `id` parameter. This is a Cross-Site Scripting (XSS) issue.
**Recommendations**
For AML Surety Eco versions up to 3.5, avoid using the `id` parameter in GET requests until a fix is available. As a temporary workaround, consider restricting access to the affected module to minimize the risk of exploitation.