Valve Patches HTML Injection Flaw in Counter-Strike 2
Vulnerability Discovered in CS2’s User Interface
Valve has recently addressed a significant HTML injection vulnerability in its
popular game, Counter-Strike 2 (CS2).
The issue was identified in the game's Panorama user interface, which was built
using CSS, HTML and JavaScript. The vulnerability stemmed from the game's input
fields configured to accept HTML code directly.
This oversight let players inject images and other HTML content into the game
client, bypassing the usual sanitization that