GHSA-CPM7-CFPX-3HVP Emissary has Stored XSS via Navigation Template Link Injection
Summary Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting XSS against other...