OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
"https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2026-821.yaml"