Sunhillo · Sunhillo Sureline · CVE-2024-34582
**Name of the Vulnerable Software and Affected Versions**
Sunhillo SureLine versions through 8.10.0
**Description**
The vulnerability is cross-site scripting (XSS) in the Forgot Password feature. The user-ID change handling of the `/cgi/usrPasswd.cgi` endpoint takes the supplied `userid` value and renders it into the application's HTML without adequate output encoding, so a value containing markup or script is interpreted by the browser of whoever views the resulting page rather than displayed as text.
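The bug class, shown on a constructed model rather than on SureLine's code: the following Python is an added example and is not taken from the product or from the advisory. The handler names (`render_vulnerable`, `render_hardened`), the page text, and the sample query strings are assumptions made for illustration; only the endpoint and the `userid` parameter come from the description above. The first function reflects the parameter unencoded, the second applies HTML entity encoding, and `reflects_unencoded` is the check a practitioner would run against a captured response to tell the two behaviours apart.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed model of a CGI "forgot password" / user-ID change page.
# NOT SureLine's code: it only illustrates the XSS pattern described above.

USERID_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed allowlist for a user ID


def _userid_from(query_string: str) -> str:
    """Pull the userid parameter out of a raw query string (percent-decoded)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("userid", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Vulnerable pattern: the attacker-controlled value is spliced into HTML as-is."""
    userid = _userid_from(query_string)
    return f"<p>Password reset requested for user: {userid}</p>"


def render_hardened(query_string: str) -> str:
    """Hardened pattern: entity-encode the value before it is placed in markup.
    quote=True also encodes ' and " so the value is safe inside attributes."""
    userid = _userid_from(query_string)
    return f"<p>Password reset requested for user: {html.escape(userid, quote=True)}</p>"


def validate_userid(userid: str) -> bool:
    """Defence in depth: reject values that are not a plausible user ID at all.
    Encoding on output is still required; this only narrows what reaches it."""
    return USERID_RE.fullmatch(userid) is not None


def reflects_unencoded(body: str, probe: str) -> bool:
    """True if the probe appears in the response body byte-for-byte.
    Use a probe containing '<' and '>' (characters every HTML encoder must
    transform) so a verbatim match can only mean no encoding was applied."""
    if not any(c in probe for c in "<>\"'"):
        raise ValueError("probe must contain HTML metacharacters to be meaningful")
    return probe in body


if __name__ == "__main__":
    # Constructed request: a harmless markup probe, percent-encoded as a browser would send it.
    query = "userid=%3Ci%3Eprobe%3C%2Fi%3E"   # userid=<i>probe</i>
    probe = "<i>probe</i>"
    print("vulnerable reflects unencoded:", reflects_unencoded(render_vulnerable(query), probe))
    print("hardened reflects unencoded:  ", reflects_unencoded(render_hardened(query), probe))
    print("probe passes allowlist:       ", validate_userid(probe))
```

Run against a real response body, `reflects_unencoded` answers the only question that matters for triage: did the value come back unchanged? A body that contains `&lt;i&gt;probe&lt;/i&gt;` instead indicates the output was encoded. Rejecting malformed IDs up front is worthwhile, but it is not a substitute for encoding, because a legitimate-looking ID can still land in an attribute or script context where other characters matter.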
**Recommendations**
For Sunhillo SureLine versions through 8.10.0, disable the Forgot Password feature until a fixed build is available, and upgrade to a version later than 8.10.0 once the vendor publishes one. Restrict access to the `/cgi/usrPasswd.cgi` endpoint (for example, to trusted administrative hosts at the network or reverse-proxy layer) so that an attacker cannot reach the vulnerable handler or lure a user into following a crafted link to it. Until the issue is resolved, do not rely on the user-ID change function of that endpoint, and treat requests whose `userid` value contains HTML metacharacters as suspicious in logs and monitoring.