XSS in Gristlabs Grist-core
CVE-2026-55665
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href without scheme validation, so a javascri…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Gristlabs Grist-core — versions < 1.7.15
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)