Open Xchange · OX App Suite · CVE-2020-15004
**Name of the Vulnerable Software and Affected Versions**
OX App Suite versions prior to 7.10.4
**Description**
The issue allows cross-site scripting (XSS) in the `/stats/diagnostic` endpoint, specifically when the `param` variable is used. This could lead to malicious script execution.
**Recommendations**
For OX App Suite versions prior to 7.10.4, update to version 7.10.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/stats/diagnostic` endpoint until a patch is available. Avoid using the `param` variable in the affected endpoint until the issue is resolved.