Woodpecker is a community branch of the Drone CI system. A cross-site scripting vulnerability exists in versions prior to Woodpecker 0.15.1, which stems from a missing escape in web/src/components/repo/build/BuildLog.vue. An attacker could exploit this vulnerability to execute JavaScript code on the client side.