2 matches found
CVE-2020-35305
Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...
CVE-2020-35305
CVE-2020-35305 describes a Cross-site Scripting (XSS) vulnerability in gollum versions 5.0 through 5.1.2, exploitable via the filename parameter in the New Page dialog. The root cause is improper handling/escaping of user-supplied filename input that is rendered in the UI, enabling injection of m...