EPSS: 0.001 (Low)
Percentile: 29.5%
An XSS injection was possible because the sanitization of the Cyrillic character i bypassed a protection mechanism against user-inputted HTML elements such as the <script> tag.
github.com/microcosm-cc/bluemonday/commit/524f142fe46e945b7dcd291d7805c4b7dcf75bee
github.com/microcosm-cc/bluemonday/issues/111
github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5