CVE-2025-66523 — URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visit — CVE Database · The Intelligence Room