Security Bug: XSS (Cross-Site Scripting) vulnerability found in the widget error message. Fix Details: - Escaped widget error messages to prevent XSS. Vulnerability Exploitation: - Malicious URL sent to a user. - Attackers can run JavaScript to steal session cookies or sensitive data. Risk Assessment: - Attackers with access to the dashboard are at risk. - Secure cookies or different domain cookies are harder to steal. - Dashboard on localhost or subdomain increases risk. Timeline: - Reported and tested on June 18, 2021. - Fix released on July 1, 2021. - CVE-2021-35440 assigned. Impact Mitigation: - Exploit risk reduced with secure browsing practices. - Session protection through secure cookies. CVE ID: CVE-2021-35440.