ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability.