Getting XSS issue in Contact us page, User communication and in ToDo Comment Box

I’m encountering an XSS issue

  1. on the “Contact Us” page. When we enter an XSS URL in the message/comment box, it accepts the URL and displays a “Thank you for your message” response.


  2. I’m also encountering an XSS issue in the “User > Activity > Communication” section. When we enter an XSS URL in the message box, it accepts the URL, even though it typically should not.


  3. In “User>>ToDo>>Description” it also accepts the XSS URL.



You can refer to the attachments…