M0X_Noob

**Name of the Vulnerable Software and Affected Versions** EdgeConnect SD-WAN Orchestrator (affected versions not specified) **Description** The web-based management interface of EdgeConnect SD-WAN Orchestrator contains a flaw that could allow an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack against an administrative user. A successful exploit could enable an attacker to execute arbitrary script code within a victim’s browser, in the context of the affected interface. This could lead to unauthorized and arbitrary configuration changes to the host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.