Postiz · Postiz · CVE-2026-42556
**Name of the Vulnerable Software and Affected Versions**
Postiz versions 2.21.6 through 2.21.6
**Description**
Authenticated users with post creation privileges can store arbitrary HTML within post content by tampering with their save request. This content is then rendered on the main application origin using `dangerouslySetInnerHTML` when a user visits the public preview link `/p/<postId>?share=true`.
**Recommendations**
Update to version 2.21.7.
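
Because the HTML is stored with the post, content saved before the update is worth reviewing. The JavaScript below is an added example, not Postiz code: it flags stored post HTML that falls outside an allow-list, as a triage aid rather than a sanitizer. The allow-list, the sample rows and the function names are assumptions.

```javascript
// Added example: triage stored post HTML against an allow-list.
// ALLOWED_TAGS, ALLOWED_ATTRS and SAFE_URL are assumptions, not Postiz's editor schema.
const ALLOWED_TAGS = new Set(['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li', 'a', 'h1', 'h2', 'h3']);
const ALLOWED_ATTRS = { a: new Set(['href']) };
const SAFE_URL = /^(?:https?:\/\/|mailto:)/i;

// A tag starts at "<" or "</" followed directly by a letter, as in the HTML parser.
const TAG_RE = /<\/?([a-zA-Z][^\s\/>]*)([^>]*)>?/g;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Returns a list of findings; an empty list means nothing outside the allow-list.
function auditPostHtml(html) {
  const findings = [];
  for (const [, rawName, rest] of html.matchAll(TAG_RE)) {
    const tag = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) {
      findings.push(`tag:${tag}`); // whole element is unexpected, skip its attributes
      continue;
    }
    const allowed = ALLOWED_ATTRS[tag] || new Set();
    for (const [, rawAttr, dq, sq, bare] of rest.matchAll(ATTR_RE)) {
      const attr = rawAttr.toLowerCase();
      if (!allowed.has(attr)) {
        findings.push(`attr:${tag}.${attr}`);
      } else if (attr === 'href' && !SAFE_URL.test((dq ?? sq ?? bare ?? '').trim())) {
        findings.push(`url:${tag}.${attr}`); // fails closed: relative URLs are flagged too
      }
    }
  }
  return findings;
}

// Constructed sample rows (not real Postiz data): id -> stored content.
const SAMPLE_POSTS = {
  clean: '<p>Hello <strong>world</strong>, see <a href="https://example.com">this</a></p>',
  foreignTag: '<p>hi</p><img src="x" onerror="handler()">',
  badAttrs: '<p><a href="javascript:void(0)" onclick="handler()">t</a></p>',
};

function auditAll(posts) {
  return Object.fromEntries(
    Object.entries(posts).map(([id, html]) => [id, auditPostHtml(html)])
  );
}

console.log(auditAll(SAMPLE_POSTS));
```

Posts with findings should be inspected by hand; content that is rendered as HTML still needs a real allow-list sanitizer on the server before it reaches `dangerouslySetInnerHTML`.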