FreeBSD DF328FAC-F942-11E5-92CE-002590263BF5
Mar 01, 2016 - 12:00 a.m.

py-djblets -- Self-XSS vulnerability

2016-03-01 00:00:00
vuxml.freebsd.org

Djblets Release Notes reports:

A recently-discovered vulnerability in the datagrid templates allows an
attacker to generate a URL to any datagrid page containing malicious code
in a column sorting value. If the user visits that URL and then clicks
that column, the code will execute.
The cause of the vulnerability was due to a template not escaping
user-provided values.
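
An added illustration of the defect class the release notes describe (not Djblets code and not its actual template): a datagrid column link built from the `sort` query value, rendered without and with escaping, plus a parser-based check that a test suite can run on the output. The column ids, the comma/minus sort syntax, the example.com URL and all function names are assumptions, and the allowlist step goes beyond the escaping fix the notes mention.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

KNOWN_COLUMNS = {"summary", "submitter", "last_updated"}  # hypothetical column ids

# Constructed URL: the sort value holds inert marker markup, not a column id.
SAMPLE_URL = "https://reviews.example.com/dashboard/?sort=" + quote(
    'summary"><i data-marker="injected">')

def sort_from_url(url):
    """Return the raw, user-controllable sort value from the query string."""
    return parse_qs(urlsplit(url).query).get("sort", [""])[0]

def render_unescaped(label, sort):
    """The defect class: the value is interpolated into the attribute as-is."""
    return '<a href="?sort=%s">%s</a>' % (sort, label)

def render_escaped(label, sort):
    """URL-encode for the query string, then HTML-escape for the attribute."""
    encoded = quote(sort, safe=",")
    return '<a href="?sort=%s">%s</a>' % (escape(encoded, quote=True), escape(label))

def keep_known_columns(sort):
    """Defence in depth: drop any sort key that is not a known column id."""
    keys = [k for k in sort.split(",") if k.lstrip("-") in KNOWN_COLUMNS]
    return ",".join(keys)

class TagCollector(HTMLParser):
    """Records every start tag, exposing elements the template never wrote."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(fragment):
    """List the start tags an HTML parser sees in a rendered fragment."""
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags
```

A regression test for a template fix can assert that `tags_in()` on the rendered header returns only the elements the template itself emits.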