Tag
A reflected cross-site scripting vulnerability (CVE-2026-35169) exists in the LORIS help_editor module due to insufficient sanitization of user-supplied variables, potentially leading to arbitrary markdown file downloads or script execution if a user clicks a crafted link.