Zhouxingixng

**Name of the Vulnerable Software and Affected Versions** imcat version 4.5 **Description** The issue is related to Stored XSS, which occurs via the "root/run/adm.php" API endpoint, specifically through the `fm[instop][note]` parameter. **Recommendations** For imcat version 4.5, avoid using the `fm[instop][note]` parameter in the "root/run/adm.php" API endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation.