Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser.
We recommend to upgrade to version >= 0.0.21
"https://github.com/pypa/advisory-database/blob/main/vulns/ansibleguy-webui/PYSEC-2026-1126.yaml"