collective.task is vulnerable to cross-site scripting. The vulnerability exists in the renderCell
function of table.py
due to missing escape columns which allows an attacker to inject and execute malicious JavaScript.
CPE | Name | Operator | Version |
---|---|---|---|
collective.task | le | 3.0.8 | |
collective.task | le | 2.3 | |
collective.task | le | 3.0.8 | |
collective.task | le | 2.3 |