Issue
- Persistent XSS vulnerability found in the Web Page builder.
Environment
- DXP 7.4
Resolution
- This is expected behavior, the HTML fragment does not provide any out-of-the-box sanitation, as it is expected that clients will allow only advanced roles to use it, and clients can restrict its access through configuring the Master page to not allow its usage.