Cross-site Scripting (XSS) - Reflected in tagspaces/viewertext
May 18th 2021
viewerText used within the Tagspaces to show a preview of text files is vulnerable to cross site scripting.
🕵️♂️ Proof of Concept
If any HTML is feeded to
It appends it to the dom without any filteration: