CVE-2025-29746 Information

Description

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection Wishlist and album components

Reference

https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe https://github.com/benjaminjonard/koillection/issues/1329