Unknown · Itflow.Org · CVE-2024-25344
**Name of the Vulnerable Software and Affected Versions**
ITFlow.org versions prior to commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378
**Description**
A cross-site scripting (XSS) issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings defaults.php, settings integrations.php, settings invoice.php, settings localization.php, and settings mail.php components.
**Recommendations**
Update ITFlow.org installations that predate commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 to a version that includes that commit or a later one. As a temporary workaround, consider restricting access to the settings.php, settings+company.php, settings defaults.php, settings integrations.php, settings invoice.php, settings localization.php, and settings mail.php components until the update is applied.