Discovered 6 months ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Weak


Unescaped model attribute



crawlable_meta_data(:title => (@title), :description => SiteSetting.site_description)

Category description: XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.

Solution: fix the issue in app/views/static/login.html.erb or mark it as false positive.