@saltcorn/server

Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read

Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)