Okrs Goals
Monthly
Stored XSS in Twiser OKRs & Goals (builds 28220 through pre-28398) allows authenticated low-privileged users to inject persistent malicious scripts that execute in other authenticated users' browsers. The CVSS scope change (S:C) confirms cross-user impact - a hallmark of stored XSS where one user's injected payload affects others who subsequently view the same content. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this firmly in standard patch-cycle priority.
Stored XSS in Twiser OKRs & Goals (builds 28220 through pre-28398) allows authenticated low-privileged users to inject persistent malicious scripts that execute in other authenticated users' browsers. The CVSS scope change (S:C) confirms cross-user impact - a hallmark of stored XSS where one user's injected payload affects others who subsequently view the same content. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this firmly in standard patch-cycle priority.