CVE-2021-35440
Smashing 1.3.4 is vulnerable to Cross-Site Scripting (XSS) via a crafted widget URL that can execute JavaScript in a victim’s browser and potentially exfiltrate session data/cookies. Affected component: the Smashing widget URL handling; root cause is insufficient input validation/escaping in the ...