Canguru

**Name of the Vulnerable Software and Affected Versions** q2apro q2apro-on-site-notifications versions up to 1.4.6 **Description** A problematic issue was found, affecting the `process request` function of the file q2apro-onsitenotifications-page.php. This leads to cross-site scripting and can be initiated remotely. **Recommendations** For versions up to 1.4.6, upgrade to version 1.4.8 to address this issue. As a temporary workaround, consider restricting access to the `process request` function of the q2apro-onsitenotifications-page.php file until the upgrade is applied.