You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cross-Site Scripting (XSS) vulnerability in Jinja templates
Moderate
lnielsen
published
GHSA-mfv8-q39f-mgfgJul 15, 2019
·
1 comment
Package
invenio-communities
(PyPI)
Affected versions
<1.0.0a20
Patched versions
1.0.0a20
Description
Impact
A Cross-Site Scripting (XSS) vulnerability was discovered in two Jinja templates in the Invenio-Communities module. The vulnerability allows a user to create a new community and include script element tags inside the description and page fields.
Patches
The problem has been patched in v1.0.0a20.
For more information
If you have any questions or comments about this advisory:
Impact
A Cross-Site Scripting (XSS) vulnerability was discovered in two Jinja templates in the Invenio-Communities module. The vulnerability allows a user to create a new community and include script element tags inside the description and page fields.
Patches
The problem has been patched in v1.0.0a20.
For more information
If you have any questions or comments about this advisory: