CVE-2021-29272

Name of the Vulnerable Software and Affected Versions: bluemonday versions prior to 1.0.5

Description: The issue allows for XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the script string. This can bypass a protection mechanism against user-inputted HTML elements such as the script tag.

Recommendations: For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the input of Cyrillic characters or disabling the use of the script tag until a patch is available.