A cross-site scripting vulnerability exists in NCH WebDictate, a web-based dictation recording, editing, and management software, which stems from a failure of the productβs Recipient Name field to properly validate user data, which could be exploited to add or modify affected fields.