Pavel Parkhomets

**Name of the Vulnerable Software and Affected Versions** Directum version 5.8.2 **Description** The issue allows for XSS via the HTTP User-Agent header in the "Settings.aspx?view=About" page. **Recommendations** For Directum version 5.8.2, as a temporary workaround, consider restricting access to the "Settings.aspx?view=About" page until a patch is available. Avoid using the `User-Agent` header in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.