Huthaifa Qashou

**Name of the Vulnerable Software and Affected Versions** Ruckus Unleashed version 200.13.6.1.319 **Description** A reflected Cross Site Scripting (XSS) issue exists in Ruckus Unleashed. The issue is located in the captive-portal endpoint ''selfguestpass/guestAccessSubmit.jsp'' and is triggered through manipulation of the `name` parameter. This allows for the injection of malicious scripts. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize or restrict the input allowed for the `name` parameter in the ''selfguestpass/guestAccessSubmit.jsp'' endpoint.