Versions of jingo prior to 1.9.2 are vulnerable to Cross-Site Scripting (XSS). If malicious input such as <script>alert(1)</script> is placed in the content of a wiki page, Jingo does not properly encode the input and it is executed instead of rendered as text.
Upgrade to version 1.9.2.
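The encoding failure described above, shown as an added example that is not Jingo's code: a hypothetical mini wiki renderer (all function names are assumptions) that passes page content to HTML unencoded, next to a hardened version that encodes first and then applies markup, plus a regression check for unexpected tags.

```javascript
// Hypothetical mini renderer for wiki page content (illustration only, not Jingo's code).
// It supports **bold** and blank-line-separated paragraphs.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that is significant in HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Turn wiki markup into HTML. Whether the text was encoded first is up to the caller.
function applyMarkup(text) {
  return text
    .split(/\n{2,}/)
    .map((para) => '<p>' + para.replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>') + '</p>')
    .join('\n');
}

// Vulnerable pattern: page content reaches the HTML output unencoded.
function renderUnsafe(content) {
  return applyMarkup(content);
}

// Hardened pattern: encode first, so the only tags in the output are the
// ones the renderer itself generates.
function renderSafe(content) {
  return applyMarkup(escapeHtml(content));
}

// Regression check: true if the HTML contains any tag other than <p> / <strong>.
function hasUnexpectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((tag) => !/^<\/?(p|strong)>$/.test(tag));
}

// Constructed sample page content, using the input quoted in the advisory.
const sample = 'Welcome to the **wiki**\n\n<script>alert(1)</script>';

console.log('unsafe:', JSON.stringify(renderUnsafe(sample)), hasUnexpectedTags(renderUnsafe(sample)));
console.log('safe:  ', JSON.stringify(renderSafe(sample)), hasUnexpectedTags(renderSafe(sample)));
```

Encoding has to happen before markup is applied; encoding afterwards would also destroy the renderer's own `<p>` and `<strong>` tags.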
Advisory Published: Dec 18th, 2018
Reported by Bob "Wombat" Hogg, Dec 18th, 2018