Fenix08

**Name of the Vulnerable Software and Affected Versions** RLE NOVA PlanManager (affected versions not specified) **Description** A stored Cross-Site Scripting (XSS) issue exists in RLE NOVA's PlanManager. An attacker can inject malicious JavaScript code through the `comment` and `brand` parameters in the '/index.php' endpoint. The application stores this payload and displays it to other users without proper sanitization, potentially allowing the attacker to steal sensitive user data, like session cookies, or perform actions as the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.