CVE-2026-60119
Hi.Events through v1.10.0-beta contains an XSS vulnerability in the event title handling. An authenticated user with event creation/edit privileges can inject HTML/JavaScript by placing a malicious title containing , which is not escaped by JSON.stringify when embedded in inline script data. This...