Q4 · Q4 Inc Investor Relations Platform · CVE-2025-29526
**Name of the Vulnerable Software and Affected Versions**
Q4 Inc Investor Relations Platform version 5.147.1.2
**Description**
A Cross-Site Scripting (XSS) issue in the search function allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the `SearchTerm` parameter. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the platform.
**Recommendations**
For Q4 Inc Investor Relations Platform version 5.147.1.2, consider restricting access to the search function until a patch is available, and avoid using the `SearchTerm` parameter in the affected search endpoint to minimize the risk of exploitation.
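While the search function remains reachable, web access logs can be reviewed for `SearchTerm` values that decode to HTML markup characters. The script below is an added example, not code from the advisory or the vendor. The combined log format, the `/search-placeholder` path and the sample lines are constructed assumptions, since the advisory does not name the endpoint path.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that can break a value out of HTML text or attribute context.
# Quotes are included, so legitimate terms such as O'Brien will also be listed.
MARKUP = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_terms(log_lines):
    """Return (line_number, decoded value) for SearchTerm values holding markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl performs the first round of URL-decoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            # Case-insensitive match is a precaution, not documented behaviour.
            if name.lower() != "searchterm":
                continue
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample lines; /search-placeholder is a hypothetical path.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /search-placeholder?SearchTerm=annual+report HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:01:12 +0000] "GET /search-placeholder?SearchTerm=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300',
    '198.51.100.7 - - [01/Jan/2025:10:01:40 +0000] "GET /search-placeholder?searchterm=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 5290',
    '203.0.113.9 - - [01/Jan/2025:10:02:03 +0000] "POST /search-placeholder?SearchTerm=Q4+2024+results HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for number, term in suspicious_search_terms(SAMPLE_LOG):
        print(f"line {number}: {term!r}")
```

Hits are triage leads rather than confirmed exploitation, and values submitted in a POST body do not appear in access logs.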