There is a known XSS exploit in webmention.js 0.5.4 and earlier. If you are running webmention.js on your site, please update to the latest version!

Many thanks to @tyage for reporting this vulnerability (and @psmoros for facilitating the report, as well as running huntr.dev which looks like a great security research and reporting platform).