In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.Referenceshttps://docs.appspace.com/latest/release-notes/7-1-platform-release-notes/#Patch_Updateshttps://sumukh30.blogspot.com/2020/01/cross-site-scripting-vulnerability-in.html
