Cross-site scripting (XSS) vulnerability exists in Coder Code-Server prior to 3.12.0, allows malicious users to execute arbitrary code via crafted URL.
coder code-server