3 matches found
CVE-2019-1020005
invenio-communities before 1.0.0a20 allows XSS...
CVE-2019-1020005
invenio-communities before 1.0.0a20 allows XSS...
CVE-2019-1020005
CVE-2019-1020005 affects invenio-communities up to version 1.0.0a20, where two Jinja templates in the module allow cross-site scripting due to lack of input sanitization in community description and pages. The issue enables an attacker to inject scripts when creating a new community or editing fi...