Kai6U

**Name of the Vulnerable Software and Affected Versions** inducer relate versions prior to 2024.1 **Description** The issue allows a remote attacker to escalate privileges via a crafted payload to the `Answer` field of `InlineMultiQuestion` parameter on `Exam` function. This enables the attacker to execute malicious scripts on the system. **Recommendations** For versions prior to 2024.1, update to version 2024.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Exam` function and limiting the use of the `InlineMultiQuestion` parameter to minimize the risk of exploitation. Avoid using the `Answer` field in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** inducer versions prior to 2024.1 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. **Recommendations** For versions prior to 2024.1, update to version 2024.1 or later to resolve the issue.