GHSA-PW3X-C5VP-MFC3 OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
Summary The /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing JavaScript code, which would then cause that code to be executed in the victim's browser as...