Product
A server-side request forgery (SSRF) vulnerability exists in Algovate xhs-mcp 0.8.11 within the xhs_publish_content function, allowing a remote attacker to manipulate the media_paths argument and potentially access internal resources.