
Quirinziessler

#21404 of 53,633
11.4 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2023-25707
6.1
2023-07-03
2Fa · 2Fa · CVE-2023-36816
**Name of the Vulnerable Software and Affected Versions**
2FA versions prior to 4.0.3

**Description**
The issue is related to a Cross Site Scripting (XSS) injection vulnerability in the 2FA Web application, which manages Two-Factor Authentication accounts and generates security codes. The XSS injection can be done via the `account/service` field. This vulnerability was tested in a docker-compose environment.

**Recommendations**
For versions prior to 4.0.3, update to version 4.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the `account/service` field to minimize the risk of exploitation.
PT-2023-25579
5.3
2023-06-27
Unknown · Meldekarten Generator · CVE-2023-36463
**Name of the Vulnerable Software and Affected Versions**
Meldekarten generator versions prior to 1.0.0b1.1.2

**Description**
The issue concerns the lack of proper sanitization of user input in text fields, making them susceptible to XSS attacks. This has been addressed in a commit, and there are no known workarounds for this issue.

**Recommendations**
For versions prior to 1.0.0b1.1.2, upgrade to version 1.0.0b1.1.2 to resolve the issue.