Open Kevinwochan opened 4 years ago
No sanitization is used on messages sent and received.
A registered user can send malicious messages to execute arbitrary JavaScript on all clients. This can be used to retrieve all active JWTs.
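An added example of the class of fix this report calls for, not code from the project: message fields are validated on receipt and HTML-escaped at render time. The function names, the `{user, text}` message shape, the length limit and the sample message are assumptions made for illustration.

```javascript
// Added example. All names and the message shape {user, text} are assumptions,
// not taken from the project this issue was filed against.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that are significant in HTML text and
// quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour the issue describes: message fields go into markup unchanged,
// so any markup in a message is parsed by every client that displays it.
function renderMessageUnsafe(msg) {
  return `<li><b>${msg.user}</b>: ${msg.text}</li>`;
}

// Hardened: every user-controlled field is escaped at output time.
function renderMessageSafe(msg) {
  return `<li><b>${escapeHtml(msg.user)}</b>: ${escapeHtml(msg.text)}</li>`;
}

// Server-side check on receipt: reject anything that is not a plain,
// bounded string before it is stored or broadcast (limit is an assumption).
const MAX_LEN = 2000;
function validateIncoming(raw) {
  if (typeof raw !== 'object' || raw === null) return null;
  const { user, text } = raw;
  if (typeof user !== 'string' || typeof text !== 'string') return null;
  if (text.length === 0 || text.length > MAX_LEN) return null;
  return { user, text };
}

// Constructed sample message containing markup.
const sample = { user: 'mallory', text: '<img src=x onerror=alert(1)>' };

console.log(renderMessageUnsafe(sample)); // markup reaches the page intact
console.log(renderMessageSafe(sample));   // markup is shown as literal text
```

In a browser client, assigning the message to `textContent` instead of building HTML strings gives the same result without a hand-written escaper.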