MITRE CALDERA · CVE-2022-41139
**Name of the Vulnerable Software and Affected Versions**
MITRE CALDERA version 4.1.0
**Description**
MITRE CALDERA 4.1.0 stores the value of the `app.contact.gist` configuration field (the gist contact configuration field) and renders it back into the web interface without sanitization, which allows stored cross-site scripting (XSS). Script injected through this field runs in the browser of any CALDERA user who views the affected page, with that user's authenticated session; because such a session can create operations and task agents, the XSS can be escalated to execution of arbitrary commands on agents.
**Recommendations**
For MITRE CALDERA 4.1.0, do not use the gist contact (leave `app.contact.gist` unset or disabled) until a patched release is installed, and restrict the ability to change server configuration to trusted administrators, since anyone who can write this field can plant the payload. Treat any value already stored in the field as untrusted and inspect it for embedded markup before the interface renders it again; escaping the field on output neutralizes payloads stored before the fix as well as new ones. Upgrade as soon as a fixed release is available.
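The following Python example is added here to illustrate both the description and the recommendations; it is not CALDERA's own code. It contrasts the vulnerable pattern (a stored configuration value interpolated into markup as-is) with escape-on-output, adds an input allowlist, and includes a small audit that flags already-stored markup in a configuration mapping. The sample configuration, the token-like value, the XSS payload and the assumption that a legitimate gist contact value is a token containing only `[A-Za-z0-9_]` are all constructed for this example.

```python
import html
import re

# Constructed sample values (not taken from the advisory): a token-like gist
# contact value and a stored-XSS payload aimed at whoever later views the config page.
BENIGN_GIST_VALUE = "ghp_exampleTokenValue0123456789abcdefXYZ"
XSS_GIST_VALUE = '<img src=x onerror="fetch(\'/api/v2/operations\',{method:\'POST\'})">'

# Constructed configuration mapping, shaped like a parsed CALDERA conf file,
# with the XSS payload already stored in app.contact.gist.
SAMPLE_CONFIG = {
    "app.contact.http": "http://0.0.0.0:8888",
    "app.contact.tcp": "0.0.0.0:7010",
    "app.contact.gist": XSS_GIST_VALUE,
    "host": "0.0.0.0",
    "port": 8888,
}


def render_unsafe(value: str) -> str:
    """Vulnerable pattern: the stored value is dropped into markup unchanged,
    so any tags or event handlers it contains execute in the viewer's browser."""
    return f'<td class="config-value">{value}</td>'


def render_safe(value: str) -> str:
    """Hardened pattern: escape on output. Neutralizes values stored before
    the fix as well as new ones, because the check happens at render time."""
    return f'<td class="config-value">{html.escape(value, quote=True)}</td>'


# Assumption for this example: a legitimate gist contact value is a token-like
# string and never needs markup characters, so a strict allowlist is acceptable.
GIST_VALUE_PATTERN = re.compile(r"[A-Za-z0-9_]{20,255}")


def validate_gist_contact_value(value: str) -> bool:
    """Input-side defense: reject any value outside the allowlisted alphabet."""
    return GIST_VALUE_PATTERN.fullmatch(value) is not None


# Tags, event-handler attributes and javascript: URLs are the usual carriers.
MARKUP_RE = re.compile(r"<[a-zA-Z/]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def find_markup_in_config(config: dict) -> list:
    """Audit helper: return the keys whose string values contain markup, so an
    operator can check a config already on disk for a stored payload."""
    return sorted(
        key for key, value in config.items()
        if isinstance(value, str) and MARKUP_RE.search(value)
    )


if __name__ == "__main__":
    print("unsafe :", render_unsafe(XSS_GIST_VALUE))
    print("safe   :", render_safe(XSS_GIST_VALUE))
    print("valid? :", validate_gist_contact_value(BENIGN_GIST_VALUE),
          validate_gist_contact_value(XSS_GIST_VALUE))
    print("flagged:", find_markup_in_config(SAMPLE_CONFIG))
```

Escape-on-output is the fix that matters for this class of bug; the allowlist and the audit are defense in depth for an instance where the field is known to be a token and where a payload may already be sitting in a stored configuration.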