HIGH
Youtu
CVE published 2026-04-28
CVE-2026-38949
CVE-2026-38949 is a high-severity Cross-Site Scripting (XSS) issue published on 2026-04-28 and updated on 2026-05-10. The vulnerability is described as affecting HTMLy 3.1.1 in the content creation workflow at /add/content?type=image, where user input is not properly sanitized and can lead to arbitrary script injection. NVD maps the weakness to CWE-79 and lists the CVSS v3.1 vector as AV:N/AC:L/PR:L/UI:R/ [truncated]