2026-02-19 10:54:52
SEC-VLab
PUBLISHED
The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victims browser if the victim opens a URL prepared by the attacker.