Unknown · Aap-Gateway · CVE-2024-10033
**Name of the Vulnerable Software and Affected Versions**
aap-gateway (affected versions not specified)
**Description**
A Cross-site Scripting (XSS) vulnerability exists in the gateway component of aap-gateway. A malicious user can abuse the `?next=` parameter in a URL to perform actions that impact users, which can lead to redirection, injection of malicious script, and theft of sessions and data.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `?next=` parameter in URLs to minimize the risk of exploitation, and avoid using the parameter until the issue is resolved.
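
One way to restrict `?next=` as the workaround suggests is to accept only same-site relative paths and fall back to a fixed page otherwise. This is an added example, not aap-gateway code; the function names, the `/` fallback and the sample URLs in the comments are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed fallback path; an assumption, not taken from aap-gateway.
DEFAULT_REDIRECT = "/"


def safe_next(value, default=DEFAULT_REDIRECT):
    """Return value only if it is a same-site relative path, else default."""
    if not value or not isinstance(value, str):
        return default
    # Browsers normalise backslashes and control characters in URLs
    # ("/\host" can be read as "//host"), so refuse them outright.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    # Require exactly one leading slash: this rejects scheme-relative
    # targets ("//host/...") and scheme URLs such as "javascript:...".
    if not value.startswith("/") or value.startswith("//"):
        return default
    parts = urlsplit(value)
    # A same-site relative path carries neither a scheme nor a host.
    if parts.scheme or parts.netloc:
        return default
    return value


def next_from_url(url):
    """Extract ?next= from a request URL and return a validated target."""
    values = parse_qs(urlsplit(url).query).get("next", [])
    # Repeated next= values are ambiguous; fall back instead of picking one.
    if len(values) != 1:
        return DEFAULT_REDIRECT
    return safe_next(values[0])


if __name__ == "__main__":
    # Constructed sample request URLs (gw.example is a placeholder host).
    for sample in (
        "https://gw.example/login?next=%2Fjobs%3Fpage%3D2",
        "https://gw.example/login?next=%2F%2Fother.example%2Fx",
        "https://gw.example/login?next=javascript%3Avoid(0)",
    ):
        print(sample, "->", next_from_url(sample))
```

Validation of this kind limits where a redirect can go; if the parameter value is also written into a page, it still needs output encoding for that context.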