Hello all,

I recently encountered a couple of APIs which were vulnerable to cross-site scripting attacks through parameters like "description" or "name". These parameters are passed in directly to server-side code and stored in the database. The UI validation at present only checks for the length of the input text. There needs to be a more robust server-side validation to handle XSS attacks.
Could somebody please help me by pointing out if there is an existing way to handle this vulnerability or whether it must be handled from scratch?

Thanks in advance!
Keta
