EPSS
Percentile
29.3%
remark42 before 1.6.1 allows XSS, as demonstrated by βLocator: Locator{URL:β followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
github.com/umputun/remark42/compare/v1.6.0...v1.6.1
vuln.ryotak.me/advisories/19