CVE-2025-65924 — ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `` hyperlinks in fields that are intended for plain text. Although JavaScript is blocked (preventing XSS), the HTML is s — CVE Database · The Intelligence Room