Cross Site Scripting (XSS vulnerability exists in Portainer prior to 2.9.1 via the node input box in Custom Templates.
portainer portainer