Sad-Spirit

**Name of the Vulnerable Software and Affected Versions** PEAR HTTP Request2 versions prior to 2.7.0 **Description** The issue concerns multiple files in the tests directory of PEAR HTTP Request2, specifically tests/ network/getparameters.php and tests/ network/postparameters.php, which reflect any GET or POST parameters. This reflection leads to a cross-site scripting (XSS) issue. **Recommendations** For versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the tests directory, specifically to the files tests/ network/getparameters.php and tests/ network/postparameters.php, until the update is applied.