Adrien Brunner

**Name of the Vulnerable Software and Affected Versions** Typemill versions 2.19.1 and below **Description** Typemill is a flat-file, Markdown-based CMS for informational documentation websites. A reflected Cross-Site Scripting (XSS) issue exists in the login error view template `login.twig`. The `username` value is echoed back without proper encoding when authentication fails, allowing an attacker to execute script in the login page context. **Recommendations** Update to version 2.19.2 or later.