1. Critical XSS Vulnerability Disclosed in firearm-import.js — innerHTML Without Escaping Exposes CSV Upload Handler
A security researcher has identified a cross-site scripting (XSS) vulnerability in the CSV import error display logic of firearm-import.js, exposing the application's upload interface to potential script injection. The flaw, classified under OWASP A03:2021 (Injection), exists in the error rendering section at lines 64–...