Headline
CVE-2023-0949: Merge pull request #2797 from modoboa/fix/xss_issue_with_tags · modoboa/modoboa@aa74e9a
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
@@ -255,9 +255,9 @@ Listing.prototype = {
make_tag: function(text, type) {
var $tag = $("<a />", {
"name": type, “class” : "btn btn-default btn-xs",
"html": " " + text
"html": " " + htmlEncode(text)
});
$(“<span />", {"class” : "fa fa-remove"}).prependTo($tag);
$tag.click($.proxy(this.remove_tag, this));
return $tag;
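Review bot: in make_tag the label is still assigned through the "html" key, so the string is parsed as markup and the fix is only as strong as htmlEncode, which is not defined in this hunk and so cannot be checked here for which characters it escapes. Since the value shown is just a space plus text, consider passing it through the "text" key instead of "html", which jQuery sets as text content with no parsing, so no separate encoder is needed at this call site. A regression test that builds a tag from text containing markup and asserts that no child elements other than the fa-remove span are created would keep this from reappearing.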
Related news
GHSA-mgmm-cmhj-2h5f: modoboa Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.4. A patch is available and anticipated to be part of version 2.0.5.