Suko

**Name of the Vulnerable Software and Affected Versions** Tru-Zone NukeET versions 3.0 through 3.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via a base64 encoded `Codigo` parameter in the security.php file. **Recommendations** For versions 3.0 and 3.1, as a temporary workaround, consider restricting access to the security.php file until a patch is available. Avoid using the `Codigo` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.