Cross-Site Scripting (XSS) vulnerability in Jinja templates

lnielsen published GHSA-mfv8-q39f-mgfg Jul 15, 2019
moderate severity
Affected versions: <1.0.0a20
Patched versions: 1.0.0a20
Package: invenio-communities
Package ecosystem: PyPI

Impact

A Cross-Site Scripting (XSS) vulnerability was discovered in two Jinja templates in the Invenio-Communities module. The vulnerability allows a user to create a new community and include script element tags inside the description and page fields.
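An added check, not code from the advisory or from Invenio: a heuristic scan of Jinja template source for places where the two fields named above are output without escaping. It assumes autoescaping is on by default, that the risky patterns are the `|safe` filter and `{% autoescape false %}` blocks, and that `sanitize_html` is a hypothetical allowlist filter; the sample template is constructed.

```python
import re

USER_FIELDS = ("description", "page")        # fields named in the advisory
CLEANERS = {"e", "escape", "sanitize_html"}  # sanitize_html is a hypothetical filter name

# Autoescape block tags and {{ ... }} output expressions, in document order.
TOKEN = re.compile(
    r"\{%-?\s*autoescape\s+(?P<mode>\w+)\s*-?%\}"
    r"|\{%-?\s*(?P<end>endautoescape)\s*-?%\}"
    r"|\{\{(?P<expr>.*?)\}\}", re.S)

def find_unescaped_fields(source, fields=USER_FIELDS, cleaners=CLEANERS):
    """Return (line, expression, reason) for each risky output of a user field."""
    field_re = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, fields)))
    findings, stack = [], []  # stack holds autoescape modes, innermost last
    for m in TOKEN.finditer(source):
        if m.group("mode"):
            stack.append(m.group("mode").lower() != "false")
        elif m.group("end"):
            if stack:
                stack.pop()
        else:
            expr = m.group("expr").strip("- \t\r\n")
            head, *filters = (part.strip() for part in expr.split("|"))
            if not field_re.search(head):
                continue
            cleaned, reason = False, None
            for name in (f.split("(")[0].strip() for f in filters):
                if name in cleaners:
                    cleaned = True
                elif name == "safe" and not cleaned:
                    reason = "marked |safe without escaping or sanitizing first"
            if reason is None and not cleaned and stack and not stack[-1]:
                reason = "output inside an autoescape-off block"
            if reason:
                findings.append((source.count("\n", 0, m.start()) + 1, expr, reason))
    return findings

# Constructed sample template, not taken from invenio-communities.
SAMPLE = """\
<div>{{ community.description|safe }}</div>
<div>{{ community.page | sanitize_html | safe }}</div>
{% autoescape false %}
<p>{{ community.page }}</p>
{% endautoescape %}
<p>{{ community.description }}</p>
"""
```

Calling `find_unescaped_fields(SAMPLE)` reports lines 1 and 4. The scan is regex-based, so treat a clean result as a starting point for review rather than proof that a template is safe.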

Patches

The problem has been patched in v1.0.0a20.

For more information

If you have any questions or comments about this advisory:
