D. Kiryukhin

**Name of the Vulnerable Software and Affected Versions** Vinteo VCC version 2.36.4 **Description** The issue is related to the lack of protection for the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This vulnerability enables attackers to inject arbitrary code, which will be executed by the victim user's browser. The attack is conducted via the `conference` parameter. **Recommendations** For version 2.36.4, consider disabling access to the vulnerable `conference` parameter until a patch is available. Restricting the use of this parameter can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.