CVE-2026-55665
Grist spreadsheet app vulnerable to DOM-based XSS prior to version 1.7.15. Two flaws allowed attacker-controlled values to appear in link hrefs without scheme validation, enabling a javascript URL to execute in a victim’s Grist origin on a single click. Specifically, on the account-selection page...