Sandro Mani

**Name of the Vulnerable Software and Affected Versions** QGIS QWC2 versions prior to 2025.08.14 **Description** A Cross-Site Scripting issue exists in the attribute table functionality. This allows an authorized attacker to inject arbitrary JavaScript code into the page. **Recommendations** Update QGIS QWC2 to a version later than 2025.08.14.

**Name of the Vulnerable Software and Affected Versions** QGIS QWC2 Registration GUI versions through 2025.03.31 **Description** A cross-site scripting issue exists in QGIS QWC2 Registration GUI. An authorized attacker can inject arbitrary JavaScript code into the page. **Recommendations** Update QGIS QWC2 Registration GUI to a version later than 2025.03.31.