CVE-2020-5241 XSS/Script injection vulnerability in matestack

matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...

matestack-ui-core is vulnerable to XSS/Script injection

matestack-ui-core does not excape strings by default and does not cover this in the docs. matestack-ui-core should escape strings by default in order to prevent XSS/Script injection vulnerability. v0.7.4 fixes that by escaping strings by default...