PT-2026-32988

Hackage package metadata stored XSS vulnerability User-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks. The specific fields affected are: - homepage - bug-reports - source-repository.locatio...