Monday, June 17, 2019

Win-Kel app for iOS: XSS: Account name of "plaintext" breaks the Rental Agreement

Win-Kel Storage app for iOS (version 4.6.2)
Date: 06/17/2019

Description:

If you create an account using "<plaintext>" as your first and last name, the legal text of the Rental Agreement (the EULA) breaks. "<plaintext>" is an obsolete HTML tag that tells the browser to render everything after it as raw text, so the fact that it takes effect shows that the account name is inserted into the agreement's HTML without being encoded. That is an HTML injection in the same sink an XSS payload would use.

Here is a screenshot of the Rental Agreement legal page for an account with a regular name, "Roger William":

The page looks normal, as you can see.

Let's take a look at what happens when you change your first and last name to "<plaintext>".

Change your first and last name to "<plaintext>"...

The first and last names have now been changed to "<plaintext>". Go back and look at the Rental Agreement...

As you can see, the page cannot handle "<plaintext>" being inserted: everything after the point where the name appears is rendered as raw text instead of as the agreement.

Steps to Reproduce:

1. Download the Win-Kel app for iOS
2. Create an account with the first and last name of "<plaintext>"
3. Look at the Rental Agreement

Result: Using "<plaintext>" as the first and last name of a Win-Kel account breaks the HTML of the Rental Agreement page, because the name is written into the page unencoded.

Expected: The account name should be HTML-encoded when it is rendered into the Rental Agreement, so that "<" and ">" (and "&", quotes) appear as text rather than as markup. Restricting the "<>" characters in the first and last name fields of the app is a reasonable extra precaution, but on its own it only hides the problem: any other path that writes the name into HTML would still be vulnerable.
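To make the mechanism behind the description and the expected fix concrete, here is an added example in JavaScript. It is not Win-Kel's code: the agreement template, the function names and the "{{NAME}}" placeholder are assumptions for illustration. It shows the vulnerable pattern (splicing the account name straight into the HTML), a probe that detects it with the same "<plaintext>" payload the post uses, the output-encoding fix, and an optional input check of the kind the post suggests.

```javascript
// Added example, not code from the Win-Kel app. The template below is a
// constructed stand-in for the agreement page the app renders in a web view;
// the real markup is not known.
const AGREEMENT_TEMPLATE =
  '<html><body><h1>Rental Agreement</h1>' +
  '<p>This agreement is between Win-Kel Storage and <b>{{NAME}}</b>.</p>' +
  '<p>Legal text of the agreement follows.</p></body></html>';

// Vulnerable pattern: the account name is written into the HTML as-is.
// A name such as "<plaintext>" becomes a live tag and the browser renders
// everything after it as raw text, which is what the screenshots show.
function renderAgreementVulnerable(firstName, lastName) {
  const fullName = `${firstName} ${lastName}`;
  // A function replacement avoids String.replace's "$&"-style specials.
  return AGREEMENT_TEMPLATE.replace('{{NAME}}', () => fullName);
}

// Fix: HTML-entity encode untrusted text before it enters an HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderAgreementSafe(firstName, lastName) {
  const fullName = escapeHtml(`${firstName} ${lastName}`);
  return AGREEMENT_TEMPLATE.replace('{{NAME}}', () => fullName);
}

// Probe for the sink: render with a harmless tag as the name and check
// whether it survives into the output unencoded. True means vulnerable.
function nameReachesHtmlUnencoded(render, probe = '<plaintext>') {
  return render(probe, probe).includes(probe);
}

// Optional defence in depth, as the post's "Expected" suggests: reject names
// containing HTML metacharacters at input time. This does not replace output
// encoding, since the stored value may be rendered elsewhere later.
function isAcceptableName(name) {
  return typeof name === 'string' &&
    name.length > 0 && name.length <= 64 &&
    !/[<>&"']/.test(name);
}

// Usage: compare both renderers with the post's payload.
console.log('vulnerable:', nameReachesHtmlUnencoded(renderAgreementVulnerable));
console.log('fixed:     ', nameReachesHtmlUnencoded(renderAgreementSafe));
console.log(renderAgreementSafe('<plaintext>', '<plaintext>'));
```

The probe is the same test the post performs by hand: if the rendered page still contains the literal tag, the name has reached an HTML context without encoding. The fix is applied at the output side because that is where the context is known; the input check is only a second layer.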
