Product
Pachno 1.0.6 is vulnerable to stored cross-site scripting (XSS), allowing attackers to inject malicious HTML or scripts into POST parameters, which are then stored and executed in user browser sessions due to improper sanitization.