This repository has been archived by the owner on Jun 26, 2020. It is now read-only.
v10.0.1
Bug fixes
-
Fixed a cross-site scripting (XSS) vulnerability which allowed remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. CVE-2018-11093. (8cb782e)
This issue was reported indepdentently by Toan Chi Nguyen from Techlab Corporation and Michal Bazyli. Thank you!