CVE-ID: CVE-2022-35134
Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.
The application does not enforce input validation and output sanitization in multiple functionalities.
Example 1: domain name can be set to <script>alert(1)</script>
Example 2: A lower privilege user can change their name to include a XSS payload, and target the admin user
References: