Iodno

**Name of the Vulnerable Software and Affected Versions** Heimdall Application Dashboard versions 2.5.4 and earlier **Description** The issue allows for reflected and stored Cross-Site Scripting (XSS) attacks via the `Application name` variable to the "Add application" page. The stored XSS will be triggered in the "Application list" page. **Recommendations** For Heimdall Application Dashboard versions 2.5.4 and earlier, as a temporary workaround, consider restricting access to the "Add application" page and the "Application list" page until a patch is available. Avoid using the `Application name` variable in the affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.