Prime Community Forum


https://forum.primefaces.org/

MessageService XSS vulnerability

https://forum.primefaces.org/viewtopic.php?f=77&t=60353

Page 1 of 1

MessageService XSS vulnerability

Posted: 30 Oct 2019, 13:43
by ncetincift
I'm viewing messages from the server with MessageService. If this message contains html tags, MessageService displays it as html. This causes the XSS vulnerability. Therefore, messages displayed with MessageService must be plain text.

Re: MessageService XSS vulnerability

Posted: 16 Dec 2019, 10:56
by merve7
Hi,
Thank you for your feedback. We will talk about this with our team and will offer you a solution.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/