Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:portainer:portainer:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.9.1"
}
]
}