Impact

What kind of vulnerability is it? Who is impacted?
Cross-site scripting (XSS).
A user would have to click on a specifically crafted validator link to trigger it.

Patches

Has the problem been patched? What versions should users upgrade to?
The problem has been patched, use commit e5c09a9 or later.

References

Are there any links users can visit to find out more?
https://owasp.org/www-community/attacks/xss/