bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the “script” string.
CPE

Name | Operator | Version
---|---|---
bluemonday | eq | 1.0.3
bluemonday | eq | 1.0.2
bluemonday | eq | 1.0.4
bluemonday | eq | 1.0.0
bluemonday | eq | 1.0.1