HIGH
Gitroom
CVE published 2026-05-08
CVE-2026-42556
Postiz versions 2.21.6 through 2.21.6 (before 2.21.7) contain a stored cross-site scripting vulnerability. Authenticated users with post creation privileges can inject arbitrary HTML into post content by tampering with save requests. This HTML is rendered unsafely via dangerouslySetInnerHTML on public preview pages at /p/<postId>?share=true, enabling attacks against viewers of shared post previews. The vu [truncated]