Public Security Announcement to WebMasters using EidoGo
EidoGo contains cross-site scripting (XSS) security vulnerabilities
If you are using EidoGo as an embedded SGF player on your website, your site may be susceptible to these security vulnerabilities, particularly if your site supports uploading SGF files that are then displayed to other users via EidoGo. You can read more about this issue in the below GitHub issue report.
You can also read more about what cross-site scripting is on this website:
http://excess-xss.com
Note: this is the public disclosure following a two-month period after the developer was first privately notified of this issue. One month ago, the webmasters of several websites (including OGS) were notified to allow them to address this security issue in advance of wider public disclosure.