Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
One persistent and one reflected XSS #10795
There is another one which is not as critical. When you create an account, the next step will ask for a username. This field will not save HTML control characters but you will receive an error which shows the attempted username unescaped.
Nothing critical but it is there.
referenced this issue
May 20, 2018
Following CVE was assigned: CVE-2018-13879