Pantsel ≫ Konga

Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.