


Perceptive Security
SOC/SIEM Consultancy

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prio…
Published:
18 January 2026 at 23:00:00
Alert date:
19 January 2026 at 22:01:52
Source:
nvd.nist.gov
Web Technologies
OnboardLite, a membership lifecycle platform for University of Central Florida student organizations, contains a stored cross-site scripting (XSS) vulnerability in versions prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f. The vulnerability can be triggered when administrators attempt to migrate user Discord accounts through the dashboard. The XSS attack targets administrative users, potentially allowing malicious code execution in their browser sessions. The vulnerability has been patched in the specified commit. This represents a moderate security risk as it requires admin interaction but could lead to privilege escalation or session hijacking.
Technical details
Affected products:
OnboardLite
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-23880
https://github.com/HackUCF/OnboardLite/commit/1d32081a66f21bcf41df1ecb672490b13f6e429f
https://github.com/HackUCF/OnboardLite/security/advisories/GHSA-93w8-83cg-h89g
This article was created with the assistance of AI technology by Perceptive.
