CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...