Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.Referenceshttps://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.htmlhttps://www.unit4.com/https://www.unit4.com/products/financial-management-software