Possible Cross-site Scripting (XSS) Vulnerability

[schnittstabil]

Has this been brought to your attention?
https://snyk.io/test/github/mediatum/mediatum?severity=high&severity=medium&severity=low

According to this report mediatum might be vulnerable to Cross-site Scripting (XSS), because of
wtforms/wtforms#315.

[arkady-bagdasarov]

Any updates?

[wboigertu]

According to wtforms/wtforms#315 this is dangerous only if labels include untrusted input. That shouldn't be the case in mediaTUM, in particular not for input from unauthenticated users. On the other hand, users with edit rights in mediatum are by design permitted to provide raw HTML metadata fields anyway.