github.com/eolinker/apinto-dashboard is vulnerable to cross-site scripting(XSS) attacks. A remote authenticated attacker is able to inject and execute malicious JavaScript on the victimβs machine due to insufficient checks in /api/discoveries/
file.