CVE-2026-9029 Stored XSS in the Geomap panel tile-layer attribution
A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...