Cross-site Scripting
Characters in the GET url path are not properly escaped and can be reflected in the server response.
Advisories for Npm/Iobroker.web package
2019
Characters in the GET url path are not properly escaped and can be reflected in the server response.