K4Nt0R

**Name of the Vulnerable Software and Affected Versions** Q4 Inc Investor Relations Platform version 5.147.1.2 **Description** A Cross-Site Scripting (XSS) issue in the search function allows attackers to execute arbitrary Javascript by injecting a crafted payload into the `SearchTerm` parameter. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the platform. **Recommendations** For Q4 Inc Investor Relations Platform version 5.147.1.2, consider restricting access to the search function until a patch is available, and avoid using the `SearchTerm` parameter in the affected search endpoint to minimize the risk of exploitation.