CVE-2026-60119 Hi.Events < 1.11.0 XSS via Event Title JSON.stringify Injection
Hi.Events before 1.11.0 contains a cross-site scripting vulnerability that allows authenticated attackers with event creation or edit permissions to inject arbitrary HTML and JavaScript by embedding a malicious event title containing the sequence, which is not escaped by JSON.stringify when...