ACME output sent to browser without encoding
ACME issue/renew output is sent directly to the browser without encoding. In some cases, user input may be included in that output, leading to a potential XSS. Notably, the
RootFolder parameter for the
webroot local folder method is affected.
#1 Updated by Jim Pingle 4 months ago
- Status changed from New to Feedback
Fixed in ACME package version 0.6.3_1