CVE-2020-35305 (gollum): XSS via `filename` parameter to New Page dialog

XSS via `filename` parameter to New Page dialog

Published: July 16, 2022

CVE: CVE-2020-35305 (NVD)
GHSA: GHSA-fj2w-qmjp-3rjm
Vendor Advisory: https://github.com/gollum/gollum/commit/137728cdabc0f60859fcd30404ad2b8fff6ef715

CVSS v3.x: 6.1 (Medium)

< 5.0

>= 5.1.2

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.