Sayali Kukarni

**Name of the Vulnerable Software and Affected Versions** Expedition Migration tool versions 1.1.8 and earlier **Description** The issue arises from inadequate protection of the web page structure, allowing a remote attacker to exploit the vulnerability and execute arbitrary JavaScript or HTML code. This can be achieved by an authenticated attacker in the User Mapping Settings for the admin user account. **Recommendations** For Expedition Migration tool versions 1.1.8 and earlier, consider disabling access to the User Mapping Settings until a patch is available to prevent exploitation. Restrict the ability to run arbitrary JavaScript or HTML code in the affected settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Expedition Migration tool versions 1.1.8 and earlier **Description** The issue allows an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. This is due to a lack of protection for the web page structure. Exploitation of the issue may enable a remote attacker to execute arbitrary JavaScript or HTML code. **Recommendations** For versions 1.1.8 and earlier, update to a version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.