AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter โunique_error_numbersโ is not set, remote attackers can inject arbitrary web script or HTML via โaction, cargo, panelโ parameters that can lead to data leakage.