Follett School Solutions · Destiny · CVE-2024-47096
**Name of the Vulnerable Software and Affected Versions**
Follett School Solutions Destiny, versions prior to 22.0.1 AU1
**Description**
A cross-site scripting (XSS) issue allows a remote attacker to execute arbitrary client-side code through the `showSupportExpiredMessage` parameter of the `handleloginform.do` endpoint.
**Recommendations**
Update to version 22.0.1 AU1 or later.
As a temporary workaround, restrict access to the `handleloginform.do` endpoint or avoid using the `showSupportExpiredMessage` parameter.
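
A log check to run alongside the workaround, added here as an example and not part of the vendor's advisory or product code: it scans web access-log lines for requests to `handleloginform.do` whose `showSupportExpiredMessage` value is not a plain token. The common/combined log format, the allowlist of legitimate values, and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "handleloginform.do"          # endpoint named in the advisory
PARAM = "showSupportExpiredMessage"      # parameter named in the advisory
# Assumption: legitimate values are short plain tokens (e.g. true/false).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,32}")
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded in depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_no, decoded_value) for requests to ENDPOINT whose PARAM
    value falls outside the allowlist. Only query strings appear in access
    logs; POST bodies need WAF or application-level logging."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().split(";")[0].endswith("/" + ENDPOINT):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == PARAM:
                decoded = fully_decode(value)  # parse_qsl already decoded once
                if not SAFE_VALUE.fullmatch(decoded):
                    hits.append((line_no, decoded))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Oct/2024:10:00:00 +0000] "GET /handleloginform.do?showSupportExpiredMessage=true HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Oct/2024:10:00:05 +0000] "GET /handleloginform.do?showSupportExpiredMessage=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [01/Oct/2024:10:00:09 +0000] "GET /handleloginform.do?showSupportExpiredMessage=%2522%253E HTTP/1.1" 200 540',
    '198.51.100.7 - - [01/Oct/2024:10:01:00 +0000] "GET /index.do HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {PARAM}={value!r}")
```

Tighten `SAFE_VALUE` once the values the application legitimately sends are confirmed on a patched instance.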