2026-03-23 21:00:28
cisa-cg
PUBLISHED
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victims browser. Fixed in 8.1.0 alpha.