Reflected XSS in "Translate DateTime Format"
ntomoya opened this issue · comments
Describe the bug
The output generated by "Translate DateTime Format" do not sufficiently escaped, leading to reflected XSS.
To Reproduce
Steps to reproduce the behaviour or a link to the recipe / input used to cause the bug:
Access to the link below.
https://gchq.github.io/CyberChef/#recipe=Translate_DateTime_Format('Standard%20date%20and%20time','DD/MM/YYYY%20HH:mm:ss','UTC','%5B%3Cscript%3Ealert(document.domain)%3C/script%3E%5D','UTC')&input=Mg
Expected behaviour
The output is properly escaped.
Desktop (if relevant, please complete the following information):
Additional context