PT-2021-20912 · Smashing
Author: Gebhardtr · Published 2021-07-06 · Updated 2022-05-24
CVE-2021-35440
| CVSS v3.1 | 6.1 (Medium) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Smashing version 1.3.4
Description:
The issue allows an attacker to craft a URL for a widget that executes JavaScript in the victim's browser, potentially stealing data available in the session or cookies, especially in environments where internal URLs are reused or cookies have permissive settings.
Recommendations:
For Smashing version 1.3.4, consider disabling the execution of JavaScript code from crafted widget URLs as a temporary workaround until a patch is available. Restrict access to sensitive session data and cookies to minimize the risk of exploitation.
References: Exploit · Fix
Tags: XSS
Affected Products
Smashing