[MEDIUM] Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option

PKSA-by8z-q792-wbvd CVE-2026-23695 GHSA-ch4j-vcf5-58x5

Affected package: cockpit-hq/cockpit

Affected version: <=2.14.0

Reported by:
GitHub