Sebastian Jeå¼

**Name of the Vulnerable Software and Affected Versions** Eura7 CMSmanager versions 4.6 and below **Description** The issue is related to Reflected XSS attacks, which can be triggered through manipulation of the `return` GET request parameter sent to a specific endpoint. **Recommendations** For Eura7 CMSmanager versions 4.6 and below, apply patch 17012022 to address the vulnerability. As a temporary workaround, consider restricting access to the vulnerable endpoint until the patch is applied. Avoid using the `return` parameter in the affected endpoint until the issue is resolved.