Damien Sudol

**Name of the Vulnerable Software and Affected Versions** Nightscout Web Monitor (aka cgm-remote-monitor) version 14.2.2 **Description** The issue allows for XSS via a crafted X-Forwarded-For header. This means an attacker could potentially inject malicious scripts into the website, affecting users who access the page. **Recommendations** For Nightscout Web Monitor (aka cgm-remote-monitor) version 14.2.2, consider restricting access to the X-Forwarded-For header until a patch is available. As a temporary workaround, disabling the use of the X-Forwarded-For header in the application configuration may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.