Headline
GHSA-fj2w-qmjp-3rjm: Gollum 5.0 before 5.1.2 vulnerable to cross-site scripting via filename parameter to New Page dialog
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the ‘New Page’ dialog.
Gollum 5.0 before 5.1.2 vulnerable to cross-site scripting via filename parameter to New Page dialog
Moderate severity GitHub Reviewed Published Jul 16, 2022 • Updated Jul 20, 2022
Related news
CVE-2020-35305: GOLLUM.COM may be available for sale or other proposals
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.