Name of the Vulnerable Software and Affected Versions buefy versions prior to 0.7.2

Description The issue allows attackers to manipulate the DOM and execute remote code due to Cross-Site Scripting. This is caused by the autocomplete list rendering user input as HTML without encoding.

Recommendations Upgrade to version 0.7.2 or later.