Fulusso · Fulusso · CVE-2022-23367
**Name of the Vulnerable Software and Affected Versions**
Fulusso version 1.1
**Description**
A DOM-based cross-site scripting (XSS) issue was found in /BindAccount/SuccessTips.js, allowing attackers to inject malicious code into a victim user's device via open redirection.
**Recommendations**
For Fulusso version 1.1, consider disabling access to the /BindAccount/SuccessTips.js file until a patch is available to prevent exploitation of the DOM-based XSS issue.