Cross-site Scripting (XSS)

kaminari-core is vulnerable to cross-site scripting XSS. The attack is possible because of an incomplete GET param black-listing, allowing an attacker to inject and execute arbitrary Javascript via the originalscriptname parameter when a user visits pages containing pagination links...