Mhmtayberk

**Name of the Vulnerable Software and Affected Versions** 6Kare Emakin version 5.0.341.0 **Description** The issue is related to Cross Site Scripting (XSS) via the "/rpc/membership/setProfile" endpoint, specifically the `DisplayName` field, which is mishandled when rendering the Activity Stream page. **Recommendations** For version 5.0.341.0, consider disabling the rendering of the `DisplayName` field in the Activity Stream page until a patch is available. Restrict access to the "/rpc/membership/setProfile" endpoint to minimize the risk of exploitation. Avoid using the `DisplayName` field in this endpoint until the issue is resolved.