Signal

Stored XSS in Memray-generated HTML reports via unescaped command-line metadata

XSS in @leanprover/unicode-input-component Severity: low Identifiers: [{"cve_id": "CVE-2026-32732"}, {"identifiers": [{"value": "GHSA-6ggm-pwr9-r5h2", "type": "GHSA"}, {"value": "CVE-2026-32732", "type": "CVE"}]}].

github

stored_xss

Evidence locked

Today's free sample is only available for the edition's flagship signal.

Back Unlock Pro

Evidence preview

Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
github_advisories
XSS in @leanprover/unicode-input-component
github_advisories
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
github_advisories