Ximdex · Ximdex · CVE-2018-11735
**Name of the Vulnerable Software and Affected Versions**
Ximdex version 4.0
**Description**
Ximdex 4.0 contains a cross-site scripting (XSS) vulnerability. It can be triggered via the "index.php?action=createaccount" endpoint, specifically through the `sname` or `fname` parameters.
**Recommendations**
For Ximdex version 4.0, consider restricting access to the "index.php?action=createaccount" endpoint until a patch is available, and avoid using the `sname` or `fname` parameters in this endpoint to minimize the risk of exploitation.
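While the endpoint remains reachable, web server access logs can be reviewed for markup arriving in the two parameters. The following is an added example, not part of the advisory or of Ximdex: it assumes a combined-format access log and that `sname` and `fname` are sent in the query string (values sent only in a POST body are not logged and would not be seen), and the function names and sample entries are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

WATCHED = ("sname", "fname")  # parameters named in the advisory
# Characters that start HTML markup or close a double-quoted attribute.
# Apostrophes are left out so surnames such as O'Brien do not alert.
MARKUP = re.compile(r'[<>"]')
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return watched parameters whose decoded value contains markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    query = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if not url.path.endswith("index.php") or "createaccount" not in query.get("action", []):
        return []
    return [p for p in WATCHED
            if any(MARKUP.search(fully_decode(v)) for v in query.get(p, []))]

def scan(lines):
    """Return (line_number, flagged_parameters) for every alerting line."""
    hits = ((n, suspicious_params(line)) for n, line in enumerate(lines, 1))
    return [(n, params) for n, params in hits if params]

# Constructed sample entries (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2018:10:00:00 +0000] "GET /index.php?action=createaccount&fname=Ana&sname=Lopez HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jun/2018:10:00:07 +0000] "GET /index.php?action=createaccount&fname=%3Cb%3Ex%3C%2Fb%3E&sname=Lopez HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jun/2018:10:00:09 +0000] "GET /index.php?action=createaccount&fname=Ana&sname=%253Ci%253E HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jun/2018:10:00:12 +0000] "GET /index.php?action=login&sname=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, params in scan(SAMPLE_LOG):
        print(f"line {n}: markup in {', '.join(params)}")
```

The third sample entry is double percent-encoded, which is why values are decoded repeatedly before matching; the fourth is ignored because it targets a different action.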