PT-2025-37398 · Selleo · Selleo Mentingo

Khanmarshal · Published 2025-09-14 · Updated 2025-09-14 · CVE-2025-10388

CVSS v2.0: 4.0

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:

Selleo Mentingo version 2025.08.27

Description:

A cross-site scripting issue exists due to manipulation of the `Description` argument in the processing of the `/api/course/enroll-course` endpoint within the Create New Course Basic Settings component. The attack can be launched remotely.

Recommendations:

As a temporary workaround, consider restricting access to the `/api/course/enroll-course` endpoint until a fix is available.

Sanitize the `Description` argument to prevent the injection of malicious scripts.
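One way to apply the sanitization recommendation, shown as an added example that is not Mentingo's own code. It assumes the course description may be rendered as HTML and goes slightly beyond plain escaping by restoring a small set of attribute-free formatting tags; the function names, the tag allowlist and the length limit are all assumptions.

```javascript
// Added example, not Mentingo code. Names, allowlist and limit are assumptions.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every HTML metacharacter so the value is inert in element
// content and in quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Formatting tags restored after escaping. Only the exact, attribute-free
// form matches, so event handlers, URLs and unknown tags stay encoded.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li'];
const ALLOWED_RE = new RegExp(`&lt;(/?)(${ALLOWED_TAGS.join('|')})&gt;`, 'gi');

const MAX_DESCRIPTION_LENGTH = 5000; // assumed limit

function sanitizeDescription(raw) {
  if (typeof raw !== 'string') throw new TypeError('description must be a string');
  if (raw.length > MAX_DESCRIPTION_LENGTH) throw new RangeError('description too long');
  // Drop control characters other than tab, LF and CR.
  const cleaned = raw.replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, '');
  // Escape first, then re-enable only allowlisted tags (normalised to lower case).
  return escapeHtml(cleaned).replace(
    ALLOWED_RE,
    (_match, slash, tag) => `<${slash}${tag.toLowerCase()}>`
  );
}

// Constructed sample inputs for a course description field.
const samples = [
  '<b>Intro</b> to SQL',
  '<script>alert(1)</script>',
  '<b onclick="x()">hi</b>',
  '&lt;b&gt; typed literally',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeDescription(s)));
}
```

Run the same function on write and again before rendering any value stored before the fix; tags are not balanced by this code, so a stray closing tag can affect layout but not script execution.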

Exploit

Fix

Code Injection

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-10388

Affected Products

Selleo Mentingo