Cmos

**Name of the Vulnerable Software and Affected Versions** Openlitespeed version 1.7.9 **Description** A stored cross-site scripting issue exists in the dashboard. An attacker can inject malicious scripts into the `Notes` parameter during listener configuration. These scripts execute when an administrator clicks on the Default Icon. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.