I am currently researching at some webapplication vulnerabilities especially client-side vulnerabilities like XSS. I have already read some topics about this issue. They said it was possible to inject malicious code inside XHTML.
But I would like to know how the current situation is like? Is it still possible to use XSS for attacking the Vaadin framework? Could anyone give some code example for a simple vulnerability?
In case Vaadin is not vulnerable against XSS anymore - what would be (theoretically) a way to use a client-side vulnerability?