Shannah

**Name of the Vulnerable Software and Affected Versions** shannah Xataface versions up to 2.x **Description** A problematic issue has been found in the function `testftp` of the file `install/install form.js.php` of the component Installer, leading to cross site scripting. The attack may be launched remotely, with a rather high complexity and difficult exploitation. Upgrading to version 3.0.0 can address this issue. **Recommendations** For shannah Xataface versions up to 2.x, upgrade to version 3.0.0 to address the issue. As a temporary workaround, consider disabling the `testftp` function of the Installer component until the upgrade is applied. Note that the Installer is disabled by default.