Cr0Wld3R

**Name of the Vulnerable Software and Affected Versions** IngEstate Server version 11.14.0 **Description** The software contains multiple stored cross-site scripting (XSS) issues within the Edit feature of the Software Package List page. These issues allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `About application`, `What's news`, or `Release note` parameters. **Recommendations** Apply input validation and sanitization to the `About application`, `What's news`, and `Release note` parameters in the Edit feature of the Software Package List page.