Harel Levy

**Name of the Vulnerable Software and Affected Versions** Webasyst version 2.9.9 **Description** The issue allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function. This is a Cross Site Scripting vulnerability. **Recommendations** For Webasyst version 2.9.9, consider disabling the Instant messenger field in the Contact info function as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. Avoid using the Instant messenger field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.