[HIGH] ipl/web is vulnerable to reflected XSS by malformed search requests

PKSA-k319-99m7-bjxd CVE-2026-42224 GHSA-55wf-5m3q-6jjf

Affected version: <=0.13.0

Reported by:
GitHub

[LOW] ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF

PKSA-znv8-25tz-7yd7 CVE-2024-41811 GHSA-w9pg-7c3h-fc8j

Affected version: <0.10.1

Reported by:
GitHub