3 matches found
@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template
Impact: The renderPairingPage function embeds the error parameter directly into HTML without escaping (TypeScript): const errorHtml = error ? $error : ""; All current call sites pass hardcoded strings, so this is not exploitable today. However, the function is architecturally fragile — if a future...
CVE-2023-3532
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1...
CVE-2023-3532
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1...