Overview
Versions of jingo prior to 1.9.2 are vulnerable to Cross-Site Scripting (XSS). If malicious input such as <script>alert(1)</script> is placed in the content of a wiki page, Jingo does not properly encode the input, and it is executed instead of rendered as text.
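The encoding failure described above, shown as an added JavaScript example that is not Jingo's own code: a toy page renderer run with and without output encoding, plus a check that flags markup the renderer never emits itself. The names encodeHtml, renderPage and unexpectedTags are hypothetical, and the page content is constructed from the payload quoted in the advisory.

```javascript
// Added illustration; these names are hypothetical and this is not Jingo's renderer.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an entity or an attribute value.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Toy wiki renderer: blank-line separated paragraphs plus **bold**.
// With encode=true, user text is encoded BEFORE trusted markup is added.
function renderPage(content, encode) {
  return content
    .split(/\n{2,}/)
    .map((block) => {
      const text = encode ? encodeHtml(block) : block;
      return '<p>' + text.replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>') + '</p>';
    })
    .join('\n');
}

// Regression check: list element names in the output the renderer never emits itself.
function unexpectedTags(html, allowed = ['p', 'strong']) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!allowed.includes(tag)) found.add(tag);
  }
  return [...found];
}

// Constructed page content using the payload quoted in the advisory.
const samplePage = 'Release **notes**\n\n<script>alert(1)</script>';

console.log(unexpectedTags(renderPage(samplePage, false))); // [ 'script' ]
console.log(unexpectedTags(renderPage(samplePage, true)));  // []
console.log(renderPage(samplePage, true));
```

A check like unexpectedTags can run as a regression test against rendered pages after upgrading, to confirm that page content is rendered as text.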
Remediation
Upgrade to version 1.9.2