Dmitry Mosichkin

#48487 of 53,633
5.2 Total CVSS
Vulnerabilities · 1
PT-2025-1189
5.2
2025-01-15
Moxa · MGate 5121/5122/5123 Series · CVE-2025-0193
**Name of the Vulnerable Software and Affected Versions**

MGate 5121/5122/5123 Series firmware version v1.0

**Description**

A stored Cross-site Scripting (XSS) vulnerability exists due to insufficient sanitization and encoding of user input in the `Login Message` functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are persistently stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user's privileges.

**Recommendations**

For MGate 5121/5122/5123 Series firmware version v1.0, consider disabling the `Login Message` functionality until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the login page to minimize the risk of unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.