Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via maliciously crafted data URIs, due to improper user input sanitization in the scrubattribute function. PoC ruby def testsanitizedataprotocol text = '- XSS- XSS' scopeallowedtags %wiframe do...