Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
Advisories for Npm/Home-Assistant-Frontend package
2022