Samir Benzammour

**Name of the Vulnerable Software and Affected Versions** Glossarizer versions 1.5.2 and earlier **Description** The issue arises from the improper conversion of text into HTML, potentially leading to stored XSS attacks. Although the application itself escapes special characters, the underlying library converts these encoded characters into legitimate HTML. Attackers can exploit this by appending a XSS payload to a word with a corresponding glossary entry. **Recommendations** For Glossarizer versions 1.5.2 and earlier, consider disabling the HTML conversion feature until a patch is available. Restrict access to glossary entries that may contain malicious payloads to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.