Cross-site Scripting (XSS)

github.com/hashicorp/consul is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the sessionName, sessionMeta and aclName strings, allowing an attacker to inject and execute arbitrary script...