Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.

Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.