nacos-console is vulnerable to cross-site scripting. The vulnerability exists because the library does not set the xssFilter option in ConsoleConfig.java, allowing an attacker to inject and execute malicious JavaScript through the pageSize and pageNo parameters.
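
A complementary input-side check for the two parameters named above: accept pageSize and pageNo only as bounded integers, and HTML-encode anything echoed back. This is an added example, not nacos-console code; the class name, helper names and the MAX_PAGE_SIZE limit are assumptions, and the sample inputs are constructed.

```java
/** Added illustration: hypothetical helper, not part of nacos-console. */
public class PaginationParams {
    static final int MAX_PAGE_SIZE = 500; // assumed upper bound for this example

    /** Accept only 1-9 ASCII digits with a value in [1, max]; reject everything else. */
    static int parseBounded(String name, String raw, int max) {
        // The digit-only pattern rejects markup, signs, whitespace and overlong input
        // before the value is ever parsed, so Integer.parseInt cannot overflow here.
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            throw new IllegalArgumentException(name + " must be a positive integer");
        }
        int value = Integer.parseInt(raw);
        if (value < 1 || value > max) {
            throw new IllegalArgumentException(name + " out of range 1.." + max);
        }
        return value;
    }

    /** HTML-encode a string for the case where it must appear in a response body. */
    static String htmlEncode(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Constructed sample requests as {pageNo, pageSize}: well-formed, markup, zero.
        String[][] samples = {
            {"1", "10"},
            {"1", "10<script>alert(1)</script>"},
            {"0", "10"},
        };
        for (String[] s : samples) {
            try {
                int pageNo = parseBounded("pageNo", s[0], Integer.MAX_VALUE);
                int pageSize = parseBounded("pageSize", s[1], MAX_PAGE_SIZE);
                System.out.println("accepted pageNo=" + pageNo + " pageSize=" + pageSize);
            } catch (IllegalArgumentException ex) {
                // The error message never contains the raw value; the echo is encoded.
                System.out.println("rejected [" + htmlEncode(s[0]) + ", "
                        + htmlEncode(s[1]) + "]: " + ex.getMessage());
            }
        }
    }
}
```

Parsing to an integer means the value that reaches any response is a number rather than attacker-supplied text, which holds regardless of whether a response-side filter is configured.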