GHSA-XV83-X443-7RMW HTML injection in search results via plaintext message highlighting

Impact Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. Cross-site scripting is possible by including resources from recaptcha.net and...

HTML injection in search results via plaintext message highlighting

Impact Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. Cross-site scripting is possible by including resources from recaptcha.net and...