Rendering HTML tags instead of text in the live chat functionality of Omnichannel customer service module
In the live chat functionality, when we input html tags it is rendering html input from the customer as actual HTML in the live-chat and not text. This ability allows the attacker to inject links and other HTML elements in the hope of getting the customer support agent to fill out (i.e. userna...
STATUS DETAILS
New