input-validation 2 Cross-Site Scripting (XSS) – Inadequate Input Filter Bypass | Palisade May 30, 2026 Command Injection – Remote Code Execution via rollOptions Parameter | Diceforge Apr 26, 2026