CVE-2025-13523 — Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display name — CVE Database · The Intelligence Room