Impact
Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy.
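The bug class described above, shown as an added illustration (this is not the SDK's code, and not a description of how version 3.71.0 fixes it): a search-result renderer that highlights the matched term, first building markup from the raw plain-text body, then escaping every fragment before adding the highlight element. The function names, the `body` field and the sample message are assumptions constructed for this example.

```javascript
// Added illustration: names and message shape are assumptions, not the SDK's API.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Constructed sample: a plain-text message whose body happens to contain tags.
const SAMPLE = { body: 'release notes <b>draft</b> & "final" review' };

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Treat the search term as a literal string, not as a regular expression.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Vulnerable pattern: the plain-text body is placed into markup unescaped,
// so tags typed by the sender become live elements in the result list.
function renderResultUnsafe(message, term) {
  if (!term) return message.body;
  const re = new RegExp(escapeRegExp(term), "gi");
  return message.body.replace(re, (m) => `<mark>${m}</mark>`);
}

// Hardened pattern: split the raw text on matches, escape every fragment,
// and only then wrap the matched fragments in the highlight element.
// Escaping before matching would break searches for terms such as "&" or "<b>".
function renderResultSafe(message, term) {
  if (!term) return escapeHtml(message.body);
  const re = new RegExp(`(${escapeRegExp(term)})`, "gi");
  return message.body
    .split(re) // odd indexes hold the captured matches
    .map((part, i) => (i % 2 === 1 ? `<mark>${escapeHtml(part)}</mark>` : escapeHtml(part)))
    .join("");
}

console.log(renderResultUnsafe(SAMPLE, "draft"));
console.log(renderResultSafe(SAMPLE, "draft"));
```

The only markup the hardened renderer ever emits is the `<mark>` element it adds itself, which is the property a plain-text code path should have regardless of what the content security policy blocks.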
Patches
Version 3.71.0 of the SDK fixes the issue.
Workarounds
Restarting the client will clear the HTML injection.