Kamil Suska

**Name of the Vulnerable Software and Affected Versions** Geutebrueck re porter versions prior to 7.8.974.20 **Description** A reflected cross-site scripting issue exists by appending a query string to "API Endpoints" such as /modifychannel/exec or /images/*.png on TCP port 12005. **Recommendations** For versions prior to 7.8.974.20, update to version 7.8.974.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Geutebrueck re porter versions prior to 7.8.974.20 **Description** The issue allows for unauthenticated access to sensitive information, including usernames and hashes. This can be achieved by making a direct request for the "statistics/gscsetup.xml" endpoint on TCP port 12003. **Recommendations** For versions prior to 7.8.974.20, update to version 7.8.974.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the /statistics/gscsetup.xml endpoint on TCP port 12003 to minimize the risk of exploitation.