Affine

Two critical XSS vulnerabilities, Reflected XSS in the /image-proxy endpoint and Stored XSS in bookmark cards, were discovered in AFFiNE, a self-hosted alternative to Notion, with the vendor being unresponsive.