Xheditor · Xheditor · CVE-2018-18909
**Name of the Vulnerable Software and Affected Versions**
xhEditor version 1.2.2
**Description**
The issue allows cross-site scripting (XSS) attacks via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view.
**Recommendations**
For xhEditor version 1.2.2, consider disabling the ability to insert or edit IFRAME elements within the source-code view as a temporary workaround until a patch is available. Restrict access to the source-code view to minimize the risk of exploitation.
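
One way to apply the IFRAME workaround on the server side, as an added example (not xhEditor code or a vendor patch): a Python filter that drops every IFRAME element from submitted editor content before it is stored. It assumes the content arrives as an HTML fragment; `IframeStripper`, `strip_iframes` and the sample input are constructed for illustration.

```python
from html.parser import HTMLParser

class IframeStripper(HTMLParser):
    """Re-serialise an HTML fragment, dropping every <iframe> and its content."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep &amp; etc. as written
        self.out = []      # pieces of the filtered fragment
        self.depth = 0     # > 0 while inside a dropped <iframe>
        self.removed = []  # src values of dropped iframes, for audit logging

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.depth += 1
            self.removed.append(next((v for k, v in attrs if k == "src"), None) or "")
        elif self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        # Browsers ignore "/>" on <iframe>, so treat it as an opening tag too.
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag == "iframe":
            self.depth = max(0, self.depth - 1)
        elif self.depth == 0:
            self.out.append(f"</{tag}>")

    def _keep(self, text):
        if self.depth == 0:
            self.out.append(text)

    def handle_data(self, data): self._keep(data)
    def handle_entityref(self, name): self._keep(f"&{name};")
    def handle_charref(self, name): self._keep(f"&#{name};")
    def handle_comment(self, data): self._keep(f"<!--{data}-->")

def strip_iframes(fragment):
    """Return (filtered_html, removed_src_values). An unclosed <iframe> drops the rest."""
    parser = IframeStripper()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample of content saved from the source-code view.
SAMPLE = ('<p>Hello &amp; welcome</p>'
          '<IFRAME SRC="javascript:void(0)"></IFRAME>'
          '<p>Bye<br/></p>')

if __name__ == "__main__":
    clean, removed = strip_iframes(SAMPLE)
    print(clean)
    print("removed iframe src values:", removed)
```

The filter removes only IFRAME elements; it is not a general HTML sanitizer, and other markup passes through unchanged.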