Themostknown

**Name of the Vulnerable Software and Affected Versions** LF Edge eKuiper versions prior to 2.0.8 **Description** The issue allows a user with modification rights to inject a cross-site scripting payload into the `id` parameter of a rule. When any user with access to the service makes modifications to the rule, the payload is executed in the victim's browser. **Recommendations** For versions prior to 2.0.8, update to version 2.0.8 to resolve the issue. As a temporary workaround, consider restricting access to the rule modification functionality to minimize the risk of exploitation. Avoid using the `id` parameter in rules until the issue is resolved.