bodhi is vulnerable to cross-site scripting. The vulnerability exists in overrides.html and updates.html because input from the query parameter is not auto-escaped and is reflected back, which allows an attacker to inject and execute arbitrary script.
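
The pattern described above, as an added example (not Bodhi's code and not its template engine): a query parameter echoed into a page with and without output escaping, plus a check that a regression test can run against rendered output. The template text, the parameter name `search`, the URL and all helper names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical stand-in for a page template that echoes a query
# parameter back to the user; not the content of Bodhi's templates.
TEMPLATE = '<h2>Results for "${search}"</h2>'

_PLACEHOLDER = re.compile(r"\$\{(\w+)\}")


def render(template, params, autoescape=True):
    """Substitute ${name} placeholders; escape values unless autoescape is off."""
    def fill(match):
        value = params.get(match.group(1), "")
        return html.escape(value, quote=True) if autoescape else value
    return _PLACEHOLDER.sub(fill, template)


def query_params(url):
    """Return the first value of each query parameter in the URL."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def reflects_markup(rendered, value):
    """True if a value containing HTML metacharacters appears unescaped."""
    return bool(re.search(r"[<>\"']", value)) and value in rendered


# Constructed request URL; the parameter carries a harmless marker element.
URL = "https://bodhi.example/updates/?search=%3Cb%20id%3Dprobe%3Ex%3C%2Fb%3E"
PARAMS = query_params(URL)

UNSAFE = render(TEMPLATE, PARAMS, autoescape=False)  # the flawed pattern
SAFE = render(TEMPLATE, PARAMS)                      # escaped on output

if __name__ == "__main__":
    print("unescaped:", UNSAFE, reflects_markup(UNSAFE, PARAMS["search"]))
    print("escaped:  ", SAFE, reflects_markup(SAFE, PARAMS["search"]))
```

With escaping off, the marker element reaches the page as live markup; with escaping on, the same input arrives as inert text and `reflects_markup` returns False.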