Elsec

**Name of the Vulnerable Software and Affected Versions** VMSMan up to 20250416 **Description** A problem was found in the software. It affects some unknown functionality of the file /login.php. The issue can be exploited by manipulating the `Email` argument with the input "><script>alert(1)</script>, leading to cross-site scripting. The attack can be launched remotely. **Recommendations** For VMSMan up to 20250416, as a temporary workaround, consider restricting access to the /login.php file until a patch is available. Avoid using the `Email` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.