I7Xc2Yzz

**Name of the Vulnerable Software and Affected Versions** zzdevelop lenosp versions up to 20230831 **Description** A disputed issue affects an unknown part of the Adduser Page component. The manipulation of the `username` argument with the input `<script>alert(1)</script>` leads to cross-site scripting. This can be initiated remotely. The real existence of this issue is still doubted, and the vendor has rejected it, claiming that cross-site scripting requiring administrative privileges is not useful for attackers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.