CVE-2023-26961
CVE-2023-26961 affects Alteryx Server 2022.1.1.42590, where uploaded files are not validated for type. This allows an attacker to upload arbitrary files (e.g., JavaScript content) through the type field in a JSON document sent to PUT /gallery/api/media, enabling stored XSS as described in the vul...