Piglet

**Name of the Vulnerable Software and Affected Versions** Wavelog versions 1.8.0 and earlier **Description** A problem was found in the function index of the file /qso of the component Live QSO. The manipulation of the `manual` argument leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions 1.8.0 and earlier, upgrade to version 1.8.1 to address this issue. As a temporary workaround, consider restricting access to the `/qso` API endpoint of the Live QSO component until the issue is resolved. Avoid using the `manual` argument in the affected API endpoint until the issue is resolved.