Cross Site Scripting (XSS)
@meshconnect/web-link-sdk is vulnerable to cross-site scripting XSS. The vulnerability is due to the lack of sanitization of URL protocols in the createLink.openLink function, which allows an attacker to execute arbitrary JavaScript code in the parent page context and access its DOM, storage,...