Nacos is a dynamic service discovery, configuration and service management platform for Alibaba (China). It supports DNS-based and RPC-based service discovery, and can provide features such as providing real-time health checks and blocking services from sending requests to unhealthy hosts or service instances. A cross-site scripting vulnerability exists in Nacos version 2.0.3, which stems from the lack of data validation filtering of user-supplied and output data in the pageSize and pageNo parameters. An attacker could exploit this vulnerability to execute JavaScript code on the client side.