CVE-2026-55592
Dashy prior to version 4.3.7 is affected by an XSS related to the workspace URL parameter in the iframe src, where the URL is used without scheme validation. A crafted workspace link with a javascript: URL can execute code in the Dashy origin, allowing access to same-origin data, interaction with...