Dougburks

**Name of the Vulnerable Software and Affected Versions** CyberChef versions prior to 8.31.3 **Description** The issue allows for Cross-Site Scripting (XSS) in the `TextEncodingBruteForce.mjs` operation. Specifically, in the `Text Encoding Brute Force` function, table rows are created by concatenating the `value` variable unsanitized in the HTML code. If the `value` variable is controlled by user input, it allows attackers to execute arbitrary JavaScript in a victim's browser. **Recommendations** Upgrade to version 8.31.3 or later. As a temporary workaround, consider restricting the use of the `Text Encoding Brute Force` function until a patch is applied. Avoid using unsanitized user input in the `value` variable to minimize the risk of exploitation.