
Sei-Vsarvepalli

#21655 of 53,633
11 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-5025
5.5
2022-10-10
Unknown · Cert/Cc Vince · CVE-2022-40248
**Name of the Vulnerable Software and Affected Versions** CERT/CC VINCE versions prior to 1.50.4
**Description** An HTML injection issue exists, allowing an authenticated attacker to inject arbitrary HTML via a form using the `Product Affected` field. This can be exploited by a remote attacker.
**Recommendations** For versions prior to 1.50.4, update to version 1.50.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Product Affected` field in the form until a patch is applied.
PT-2022-5026
5.5
2022-10-10
Unknown · Cert/Cc Vince · CVE-2022-40257
**Name of the Vulnerable Software and Affected Versions** CERT/CC VINCE versions prior to 1.50.4
**Description** An HTML injection issue exists due to the failure to neutralize special elements. This allows a remote attacker to inject arbitrary HTML code via a crafted email with HTML content in the `Subject` field. An authenticated attacker can exploit this to inject arbitrary HTML.
**Recommendations** For versions prior to 1.50.4, update to version 1.50.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTML content in email subjects to minimize the risk of exploitation.