CVE-2023-48255

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt