Bestdevofc

**Name of the Vulnerable Software and Affected Versions** OnboardLite versions prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f **Description** OnboardLite is a membership lifecycle platform. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f contain a stored cross-site scripting issue. This issue can be triggered when an administrator attempts to migrate a user's discord account through the dashboard. The vulnerability allows malicious code to be executed in the context of an administrator's session. **Recommendations** Update to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f or a later version.

Name of the Vulnerable Software and Affected Versions: OnboardLite versions with commit hash 6cca19e or later Description: An attacker can manipulate a link to the trusted application, redirecting users to a malicious external site upon access. This enables phishing, credential theft, malware delivery, and trust abuse. Any version with commit hash 6cca19e or later implements JWT signing for the redirect URL parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.