Artyombrylev

**Name of the Vulnerable Software and Affected Versions** Sherpa Orchestrator version 141851 **Description** A low-privileged user can elevate their privileges by creating new users and roles. **Recommendations** For Sherpa Orchestrator version 141851, consider restricting the ability of low-privileged users to create new users and roles until a patch is available. As a temporary workaround, limit the access of low-privileged users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sherpa Orchestrator version 141851 **Description** The issue allows for stored XSS attacks by an administrator through the `name` parameter when adding or updating licenses. The XSS payload can execute when the license expires. **Recommendations** For Sherpa Orchestrator version 141851, avoid using the `name` parameter in the license addition or update functionality until a fix is available. As a temporary workaround, consider restricting access to the license management feature to minimize the risk of exploitation.