Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Because of incorrect escaping our app would render some data provided by an attacker as HTML. This qualifies as cross-site scripting (XSS) vulnerability. The HTML code which might contain JavaScript will then be executed in the context of the user viewing the content. This kind of vulnerability could be exploited for different attacks, including an escalation of privileges.

...