github.com/hashicorp/nomad is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute JavaScript in a user’s browser via a malicious workload in the cluster. The user’s browser executes the file when it is displayed in its raw form from the API or UI.