Cross-site Scripting (XSS)

gollum is vulnerable to cross-site scripting. The vulnerability exists because the breadcrumb function of overview.rb and page.rb does not properly escape the element.tos and title.tos parameters before being rendered on the page, allowing an attacker to inject and execute malicious javascript...