CVE-2017-7871by Jeremyin Security Bulletinson Posted on April 14, 2017 trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).