CVE-2026-21483 — listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into camp — CVE Database · The Intelligence Room