Cross-site Scripting (XSS)
github.com/ctripcorp/apollo is vulnerable to cross-site scripting XSS attacks. The library does not properly escape the variable valueWithHiddenChars in showHiddenChars function in item-modal-directive.js, allowing a malicious user to inject and execute malicious web scripts...