Volkan Erciyas

**Name of the Vulnerable Software and Affected Versions** Profelis IT Consultancy SambaBox versions 4.0 and prior versions **Description** The issue is related to an Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS, in the Group Functionality of Profelis IT Consultancy SambaBox. This allows an authenticated user to execute arbitrary codes on the vulnerable server. **Recommendations** For Profelis IT Consultancy SambaBox versions 4.0 and prior versions, consider disabling the Group Functionality until a patch is available to prevent the execution of arbitrary codes on the server. Restrict access to the vulnerable server to minimize the risk of exploitation. Avoid using the vulnerable version of SambaBox until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.