Prime Community Forum


https://forum.primefaces.org/

MessageService XSS vulnerability

https://forum.primefaces.org/viewtopic.php?f=35&t=60321

Page 1 of 1

MessageService XSS vulnerability

Posted: 25 Oct 2019, 10:47
by ncetincift
I'm viewing messages from the server with MessageService. If this message contains html tags, MessageService displays it as html. This causes the XSS vulnerability. Therefore, messages displayed with MessageService must be plain text.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/