Dragonkeep

**Name of the Vulnerable Software and Affected Versions** otale tale versions 2.0.5 and earlier **Description** A problem has been found in the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument `logo url` leads to cross site scripting. The attack may be initiated remotely. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For versions 2.0.5 and earlier, consider disabling the `OptionsService` function or restricting access to the `logo url` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.