Simoheinonen

**Name of the Vulnerable Software and Affected Versions** EasyCorp EasyAdmin versions up to 4.8.9 **Description** A vulnerability was found in the Autocomplete function of the file assets/js/autocomplete.js, which can lead to cross-site scripting. The manipulation of the `item` argument is the cause of this issue. The attack can be launched remotely. **Recommendations** For versions up to 4.8.9, upgrade to version 4.8.10 to address this issue. As a temporary workaround, consider disabling the Autocomplete function until a patch is available. Restrict access to the `assets/js/autocomplete.js` file to minimize the risk of exploitation. Avoid using the `item` argument in the affected Autocomplete function until the issue is resolved.