I have two PVE nodes on v8.3.3 kernel 6.8.4-2-pve both showing XSS problems. Going to https://[node fqdn/node ip]/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E.html causes a popup with the URL, confirming an XSS problem. Whatever is doing the error pages where the passed in URL is echoed back to the user seems to be the problem. Is there a way to edit that error page (probably for 404 pages) template to not echo the URLs?