XSS vulnerability - How to prevent

Hi,
When navigating to the API metadata page with some scripting, it’s not preventing XSS scripting.

Example ending
/jsonl/metadata/?op=LicenseQuery&lang=%27%3E%22%3Csvg/onload=confirm(%27XSS%27)%3E
(https://myapi.com/jsonl/metadata/?op=LicenseQuery&lang='>"<svg/onload=confirm('XSS')>)

How can I prevent this from happening?

This was caused by including the unknown language in the Exception, fixed in this commit.

This change will be available from the latest v8.2.3+ available in about 10 minutes in the Pre Release packages.
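An added example, not part of the thread and not the code from the commit mentioned above: a minimal Python model of the bug class described in the reply, where an unknown `lang` value is copied into an error message that ends up in the HTML of the metadata page. The function names, the `KNOWN_LANGS` set and the message texts are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist; the real set of supported languages is not on the page.
KNOWN_LANGS = {"csharp", "typescript", "python"}

# Request path taken from the question above.
SAMPLE = ("/jsonl/metadata/?op=LicenseQuery"
          "&lang=%27%3E%22%3Csvg/onload=confirm(%27XSS%27)%3E")


def get_lang(url: str) -> str:
    """Return the percent-decoded value of the lang query parameter."""
    return parse_qs(urlsplit(url).query).get("lang", [""])[0]


def render_error(message: str, *, encode: bool) -> str:
    """Write an error message into the HTML body of the page."""
    body = html.escape(message, quote=True) if encode else message
    return f"<html><body><p>{body}</p></body></html>"


def metadata_page_vulnerable(url: str) -> str:
    """'Before': the request value is placed in the error text and that
    text is emitted without HTML encoding, so markup in lang is rendered."""
    lang = get_lang(url)
    if lang not in KNOWN_LANGS:
        return render_error(f"Unknown language: {lang}", encode=False)
    return f"<html><body><p>Metadata for {lang}</p></body></html>"


def metadata_page_fixed(url: str) -> str:
    """'After': the error text is a constant that never contains the
    request value, and everything written to the page is encoded anyway."""
    lang = get_lang(url)
    if lang not in KNOWN_LANGS:
        return render_error("The requested language is not supported.",
                            encode=True)
    # lang is one of the allowlisted constants here; encode regardless.
    return render_error(f"Metadata for {lang}", encode=True)


if __name__ == "__main__":
    print(metadata_page_vulnerable(SAMPLE))  # markup from lang is reflected
    print(metadata_page_fixed(SAMPLE))       # constant message only
```

Leaving the request value out of the message is the approach the reply describes; the output encoding in `render_error` is an extra layer added in this example so that any message that later includes request data is still rendered as text.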

Thanks for updating this


Now available in the pre-release packages.
