From 2cb68c3e9899691b1e0abeb6993c37c97a61dcdb Mon Sep 17 00:00:00 2001
From: Bhaskara Ram <39507881+bhaskarvilles@users.noreply.github.com>
Date: Fri, 29 Apr 2022 12:22:14 +0530
Subject: [PATCH] fix(security): mitigate Cross-Site Scripting attack (XSS)

Unsanitized input from an HTTP parameter flows into send, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).

Signed-off-by: Bhaskara Ram <39507881+bhaskarvilles@users.noreply.github.com>
Signed-off-by: Peter Somogyvari
---
 .../src/main/typescript/routing-interface/routes/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/cactus-cmd-socketio-server/src/main/typescript/routing-interface/routes/index.ts b/packages/cactus-cmd-socketio-server/src/main/typescript/routing-interface/routes/index.ts
index e8fcbf8144..544cf166eb 100644
--- a/packages/cactus-cmd-socketio-server/src/main/typescript/routing-interface/routes/index.ts
+++ b/packages/cactus-cmd-socketio-server/src/main/typescript/routing-interface/routes/index.ts
@@ -100,7 +100,7 @@ router.delete(
 "/api/v1/bl/wallets/:id",
 (req: Request, res: Response, next: NextFunction) => {
 try {
- res.send(
+ res.render(
 "Not Implemented (Delete a Wallet" + ", id=" + escapeHtml(req.params.id) + ")\n",
 );
 } catch (err) {
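Review bot: `res.render(` on the added line takes a view name as its first argument, not a response body. Assuming `res` is an Express `Response` (as the `Request`/`Response`/`NextFunction` types suggest), the "Not Implemented" text is no longer sent, and a string containing `req.params.id` is handed to the view resolver instead. `escapeHtml` only encodes HTML metacharacters, so it is not a safeguard for a template name. The value is already escaped on the following context line, so the safer change is to keep sending the body and pin the content type so a browser never parses it as markup: `res.type("text/plain").send(` in place of `res.render(`. The handler's `try`/`catch` continues outside the hunk, so how the resulting lookup error is reported cannot be seen from here.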