Headline
CVE-2023-5689: Merge pull request #3095 from modoboa/fix/xss_profile_form · modoboa/modoboa@d33d3cd
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
Expand Up
@@ -30,7 +30,7 @@ TwocolsNav.prototype = {
listen: function() {
$(“a.ajaxnav”).click($.proxy(this.load_section, this));
$(document).on("click", "#update", $.proxy(function(e) {
var $form = $(“form”).first();
var $form = $(e.target).closest(“form”);
simple_ajax_form_post(e, {
formid: $form.attr(“id”),
modal: false,
Expand Down
Related news
GHSA-9wj3-cfq8-wpvj: modoboa Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.