Incognito · Incognito Service Activation Center (Sac) Ui · CVE-2024-42834
**Name of the Vulnerable Software and Affected Versions**
Incognito Service Activation Center (SAC) UI version 14.11
**Description**
A stored cross-site scripting (XSS) issue in the Create Customer API allows authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `lastName` parameter. This enables attackers to potentially manipulate the web application's behavior.
**Recommendations**
For Incognito Service Activation Center (SAC) UI version 14.11, consider restricting access to the Create Customer API until a fix is available, and avoid using the `lastName` parameter in this API endpoint to minimize the risk of exploitation.