Security alert: cross-site scripting vulnerability in pump.io 0.2.x and 0.3.x (master)
A security researcher who asked to remain anonymous identified several cross-site scripting vulnerabilities
A new release of the 0.2.x (stable) branch has been made and is available in npm:
The same patches have been made to the 0.3.x (master) branch and are available from Github.
All administrators should upgrade their pump.io servers as soon as possible to the tip of the master version or to version 0.2.4.