Closed hfionte closed 5 years ago
G'day @hfionte - thanks for highlighting this issue. Certainly something of concern so we've pushed through an update to restrict html allowed in those descriptions.
A new version has been released to reflect this update.
The image descriptions in the image gallery version of Modaal are rendered in a way that introduces a script-injection vulnerability.