CVE-2026-53641
FOSSBilling versions 0.6.0–0.7.2 contain a stored XSS vulnerability in the client email history views. Email HTML content is rendered into a JavaScript template literal via the |raw filter, bypassing output escaping, allowing an admin to inject JavaScript payloads that execute in a client’s brows...