CVE-2019-13488

Name of the Vulnerable Software and Affected Versions Trape through 2019-05-08

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the "/register" URI, due to the use of the jQuery prepend() method.

Recommendations For versions through 2019-05-08, as a temporary workaround, consider restricting access to the /register URI or disabling the use of the prepend() method in static/js/trape.js until a fix is available. Avoid using the country, query, or refer parameters in the affected URI until the issue is resolved.