Pagure: XSS possible in file attachment endpoint
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/
raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json
security-tracker.debian.org/tracker/CVE-2016-1000037