Bodhi Security Vulnerabilities

CVE-2017-1002152

Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.

CVE-2020-15855

Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.