Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover.
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-holded-application