CVE-2026-21483
CVE-2026-21483 affects listmonk prior to 6.0.0. A lower-privileged user with campaign-management permissions can inject malicious JavaScript into campaigns or templates. When a Super Admin views or previews the content, a stored XSS executes in the admin’s browser context, enabling actions such a...