Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to unsanitized attribute values by the link Twig function. PoC php Dangerous user supplied variable % set payload = 'alertxss' % Here, Twig escapes it payload Here it is not escaped linkpayload,...