N407Pengyuyan

**Name of the Vulnerable Software and Affected Versions** HFish version 0.5.1 **Description** An issue was discovered in HFish where XSS code is triggered when the administrator views information after a payload is inserted in the name entry field. **Recommendations** For HFish version 0.5.1, consider restricting access to the name entry field to prevent malicious payload insertion until a fix is available. As a temporary workaround, avoid viewing user-entered information in the administrator panel to minimize the risk of XSS code execution.