Page 1 of 1

MessageService XSS vulnerability

Posted: 30 Oct 2019, 13:43
by ncetincift
I'm viewing messages from the server with MessageService. If this message contains html tags, MessageService displays it as html. This causes the XSS vulnerability. Therefore, messages displayed with MessageService must be plain text.