Szarny

**Name of the Vulnerable Software and Affected Versions** gollum versions 5.0 through 5.1.2 **Description** The issue is related to cross site scripting (XSS) via the `filename` parameter to the 'New Page' dialog. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For gollum versions 5.0 through 5.1.2, consider restricting access to the 'New Page' dialog until a fix is available. As a temporary workaround, avoid using the `filename` parameter in the affected dialog to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.