Impact
Improper escaping when presenting stored form submissions allowed an attacker to perform a Cross-Site Scripting (XSS) attack.
Patches
The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1.
Workarounds
There are no known workarounds for this vulnerability.
Credit
Credit to Thomas McClymont for discovering this vulnerability.