CVE-2017-16755

Name of the Vulnerable Software and Affected Versions: Userscape HelpSpot versions prior to 4.7.2

Description: A reflected cross-site scripting issue exists in the "return" parameter of the "index.php?pg=moderated" API endpoint. It executes when the return link is clicked.

Recommendations: For versions prior to 4.7.2, update to version 4.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php?pg=moderated" endpoint until a patch is applied. Avoid using the return parameter in the affected endpoint until the issue is resolved.