Ellucian has identified a Reflected Cross-Site Scripting (XSS) vulnerability in the Ethos Identity CAS logout endpoint. Customers not using CAS are not impacted.
This will be addressed in the next release of Ethos Identity.
Login into your Ellucian Customer Center to get details on how to mitigate it through configuration changes.