PT-2025-52368

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...