Version
Maven: net. microsoft: ms basic<=2.1.13.4
There is an XSS vulnerability in the search function.
The XSS is caused by the page returning an error message.
The server encounters an error while handling the request.
As you can see, the error page returns two values, ${code} and ${msg}.
Tracing the error message leads to the XssHttpServletRequestWrapper.clean method: the error message shown by the front end is the exception thrown by XssHttpServletRequestWrapper.clean, and the exception information is returned directly, which leads to XSS.
Because XssHttpServletRequestWrapper processes user input parameters before the Servlet, it can lead to XSS vulnerabilities.
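
The pattern described above, as an added example that is not code from ms-basic: a filter-stage check throws an exception, and the error page places the exception text into ${msg}, first verbatim and then HTML-escaped at output time. The class, the stand-in clean method, the template and the sample parameter are hypothetical, and it is an assumption that the exception message echoes the rejected value.

```java
public class ErrorPageEscaping {
    // Hypothetical stand-in for XssHttpServletRequestWrapper.clean: rejects
    // suspicious input and echoes it in the exception message (assumption).
    static String clean(String name, String value) {
        if (value.toLowerCase().contains("<script")) {
            throw new IllegalArgumentException("illegal value for " + name + ": " + value);
        }
        return value;
    }

    // Minimal HTML escaping for text placed in element content or attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Constructed error template using the two placeholders named in the report.
    static final String TEMPLATE = "<h1>${code}</h1><p>${msg}</p>";

    static String render(String code, String msg, boolean escape) {
        String c = escape ? escapeHtml(code) : code;
        String m = escape ? escapeHtml(msg) : msg;
        return TEMPLATE.replace("${code}", c).replace("${msg}", m);
    }

    public static void main(String[] args) {
        String keyword = "<script>1</script>"; // constructed search parameter
        try {
            clean("keyword", keyword);
        } catch (IllegalArgumentException e) {
            // Before: the exception text goes into the page verbatim.
            System.out.println("unescaped: " + render("500", e.getMessage(), false));
            // After: the same text, HTML-escaped when written into the page.
            System.out.println("escaped:   " + render("500", e.getMessage(), true));
        }
    }
}
```

Because the exception is raised before the Servlet runs, the error page is the only place left to neutralise the value, so escaping belongs in the error rendering itself; returning a fixed message instead of the exception text removes the reflection entirely.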