#client-side

1. XSS Flaw Found in GitHub Status API Integration: Unescaped Data Rendered via innerHTML

A cross-site scripting vulnerability has been identified in code that consumes the GitHub Status API, with incident data being interpolated directly into `innerHTML` template literals without HTML entity encoding. The flaw affects two separate rendering paths in `src/js/main.js`, creating a potential injection vector i...