CVE-2026-33400 Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting XSS vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...