CVE-2017-20159 – rf Keynote rumble.rb cross site scripting

https://notcve.org/view.php?id=CVE-2017-20159

A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. • https://github.com/rf-/keynote/commit/05be4356b0a6ca7de48da926a9b997beb5ffeb4a https://github.com/rf-/keynote/releases/tag/v1.0.0 https://vuldb.com/?ctiid.217142 https://vuldb.com/?id.217142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •