
Cz4Rym4Ryo

Rank: #43930 of 53,633
Total CVSS: 6.1
Vulnerabilities: 1
PT-2020-13992
6.1
2020-06-17
Agentejo · Agentejo Cockpit · CVE-2020-14408
**Name of the Vulnerable Software and Affected Versions**

Agentejo Cockpit version 0.10.2

**Description**

The `to` parameter of the "/auth/login" API endpoint is insufficiently sanitized, allowing arbitrary JavaScript code to be injected into the content of the returned web page. This creates a Reflected XSS attack vector.

**Recommendations**

For Agentejo Cockpit version 0.10.2, consider disabling access to the "/auth/login" API endpoint until a patch is available, or restrict the `to` parameter to prevent injection of malicious JavaScript code.