You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to wtforms/wtforms#315 this is dangerous only if labels include untrusted input. That shouldn't be the case in mediaTUM, in particular not for input from unauthenticated users. On the other hand, users with edit rights in mediatum are by design permitted to provide raw HTML metadata fields anyway.
Has this been brought to your attention?
https://snyk.io/test/github/mediatum/mediatum?severity=high&severity=medium&severity=low
According to this report mediatum might be vulnerable to Cross-site Scripting (XSS), because of
wtforms/wtforms#315.
The text was updated successfully, but these errors were encountered: