bodhi-server is vulnerable to cross-site scripting (XSS). The bug title is neither sanitized nor HTML-encoded before it is displayed in the user's browser, which allows a remote attacker to inject arbitrary JavaScript into the victim's browser to steal session tokens or perform unwanted actions on behalf of the user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | bodhi-server | le | 2.9.0 |