@EiNSTeiN- reported a reflected XSS vulnerability that existed on the repository issues page on github.com and the user profile page on gist.github.com. User input was passed to the url_for Rails helper responsible for generating some of the links on these pages. While arbitrary HTML content injection was not possible, full control of the url_for arguments to be passed from user request parameters.
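
The following is an added example, not GitHub's code or fix: one way to keep request parameters from controlling url_for is to allowlist them before the call. The helper name safe_link_params, the allowlist and the sample parameters are assumptions made for illustration, and the input is assumed to be a plain Hash of request parameters.

```ruby
# Option names that Rails' url_for reads as URL structure or routing
# instructions rather than as query-string data.
URL_FOR_CONTROL_KEYS = %w[
  only_path protocol host subdomain domain tld_length port
  anchor params trailing_slash script_name user password
  controller action
].freeze

# Hypothetical helper (not a Rails API): returns a new hash holding only
# allowlisted keys whose values are plain strings or numbers.
def safe_link_params(request_params, allowed:)
  allowed = allowed.map(&:to_s)
  overlap = allowed & URL_FOR_CONTROL_KEYS
  # Refuse an allowlist that would hand a url_for option back to the request.
  raise ArgumentError, "allowlist contains url_for options: #{overlap}" unless overlap.empty?

  request_params.each_with_object({}) do |(key, value), out|
    key = key.to_s
    next unless allowed.include?(key)
    # Nested hashes and arrays are dropped, so they cannot carry extra keys.
    next unless value.is_a?(String) || value.is_a?(Numeric)
    out[key.to_sym] = value.to_s
  end
end

# Constructed request parameters, as a controller might receive them.
SAMPLE_PARAMS = {
  "state" => "open",
  "page" => 2,
  "host" => "other.example",
  "protocol" => "ftp",
  "only_path" => "false",
  "labels" => { "host" => "other.example" },
}.freeze

# In a view: url_for(safe_link_params(request_hash, allowed: %w[state page]))
# url_for's own options (only_path and the like) are set in code, never
# copied from the request.
FILTERED = safe_link_params(SAMPLE_PARAMS, allowed: %w[state page])
```

Only state and page survive the filter, so the link keeps the scheme and host chosen by the application.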