Co3K

**Name of the Vulnerable Software and Affected Versions** RedCloth library versions 4.2.9 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a `javascript:` URI, which can lead to cross-site scripting (XSS) attacks. This enables attackers to execute malicious scripts on the victim's browser. **Recommendations** For RedCloth library versions 4.2.9 and earlier, consider updating to a version later than 4.2.9 to resolve the issue. As a temporary workaround, consider restricting the use of `javascript:` URIs in the RedCloth library until a patch is available.