OpenMRS · OpenMRS Appointment Scheduling Module · CVE-2022-4727
**Name of the Vulnerable Software and Affected Versions**
OpenMRS Appointment Scheduling Module versions up to 1.16.x
**Description**
A cross-site scripting vulnerability was found in the OpenMRS Appointment Scheduling Module. It affects the function `getNotes` in the file `api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java`, part of the Notes Handler component. Manipulating the argument `notes` leads to cross-site scripting, and the attack can be initiated remotely. Upgrading to version 1.17.0 addresses this issue.
**Recommendations**
For OpenMRS Appointment Scheduling Module versions up to 1.16.x, upgrade to version 1.17.0 to address the issue. As a temporary workaround, consider restricting access to the `getNotes` function of the Notes Handler component until the upgrade is applied. Avoid using the `notes` argument in the affected component until the issue is resolved.
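
The class of bug in the Description, shown as an added example that is not code from the OpenMRS module: a free-text `notes` value returned unchanged and written into HTML, beside a getter that encodes it for HTML output. `NotesHolder`, `getNotesRaw`, `getNotesForHtml` and `escapeHtml` are hypothetical names, and the sample input is constructed.

```java
// Added illustration; NotesHolder and escapeHtml are hypothetical names,
// not classes or methods from the OpenMRS module.
public class NotesEscapingExample {

    /** Minimal stand-in for an object carrying a free-text notes field. */
    static class NotesHolder {
        private String notes;

        void setNotes(String notes) { this.notes = notes; }

        /** Returns the stored value unchanged: unsafe if written into HTML as-is. */
        String getNotesRaw() { return notes; }

        /** Returns the value encoded for HTML text or a quoted attribute. */
        String getNotesForHtml() { return escapeHtml(notes); }
    }

    /** Encodes the five characters significant in HTML text and quoted attributes. */
    static String escapeHtml(String in) {
        if (in == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(in.length() + 16);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        NotesHolder request = new NotesHolder();
        // Constructed sample input containing markup.
        request.setNotes("Follow-up <script>alert(1)</script> & \"recheck\"");

        // The raw line carries live markup; the encoded line renders as text.
        System.out.println("raw:     <td>" + request.getNotesRaw() + "</td>");
        System.out.println("encoded: <td>" + request.getNotesForHtml() + "</td>");
    }
}
```

This encoding covers HTML element content and quoted attribute values only; values placed in JavaScript, URL or CSS contexts need an encoder for that context.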