Os909

**Name of the Vulnerable Software and Affected Versions** Ivanti Service Manager version 2021.1 **Description** The issue allows reflected XSS via the `appName` parameter associated with ConfigDB calls, such as in "RelocateAttachments.aspx". **Recommendations** For Ivanti Service Manager version 2021.1, consider restricting access to the `appName` parameter in ConfigDB calls to minimize the risk of exploitation. As a temporary workaround, avoid using the `appName` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.