
Matt Schmidt

Researcher from Triaxiom Security
#20596 of 53,633
12.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2022-15929
4.8
2022-02-10
Xmpie · Xmpie Ustore · CVE-2022-23321
**Name of the Vulnerable Software and Affected Versions**
XMPie UStore version 12.3.7244.0

**Description**
A persistent cross-site scripting (XSS) issue exists in the administrative panel when editing users, specifically affecting two input fields.

**Recommendations**
For version 12.3.7244.0, consider temporarily disabling the editing functionality for users in the administrative panel until a patch is available. Restrict access to the administrative panel to minimize the risk of exploitation.
PT-2022-15928
7.5
2022-02-07
Xmpie · Xmpie Ustore · CVE-2022-23320
**Name of the Vulnerable Software and Affected Versions**
XMPie uStore version 12.3.7244.0

**Description**
The issue allows administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.

**Recommendations**
For XMPie uStore version 12.3.7244.0, change the default administrative credentials to prevent unauthorized access and consider restricting the ability to generate reports based on raw SQL queries to minimize the risk of sensitive information exfiltration.