Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses.
Patched in version v0.4.1
Limit registration to only trusted users.
XSS-OSWAP
If you have any questions or comments about this advisory:
Impact
Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses.
Patches
Patched in version v0.4.1
Workarounds
Limit registration to only trusted users.
References
XSS-OSWAP
For more information
If you have any questions or comments about this advisory: