Ithaca Labs

**Name of the Vulnerable Software and Affected Versions** SAUTER Controls moduWeb firmware version 2.7.1 **Description** The web application does not adequately sanitize request strings of malicious JavaScript, allowing an attacker to execute malicious code in users' browsers and steal sensitive information, including user credentials, through reflective cross-site scripting (XSS). **Recommendations** For SAUTER Controls moduWeb firmware version 2.7.1, consider disabling the web application's ability to execute JavaScript code from request strings until a patch is available. Restrict access to the web application to minimize the risk of exploitation. Avoid using the web application for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.