Tag: reflected xss

The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. The issue was initially fixed in 3.1.4, however re-introduced in 3.2.0. The base64 string is an encoded JSON with the following structure: This vulnerability has been fixed in the version 3.1.4.…