Cross-site Scripting (XSS)

Overview clevertap-web-sdk is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handleCustomHtmlPreviewPostMessageEvent function due to insufficient origin validation using the includes method. An attacker can execute arbitrary scripts in the context of the...