Cross-site Scripting in Weblate
Moderate severity
GitHub Reviewed
Published
Feb 25, 2022
in
WeblateOrg/weblate
•
Updated Nov 19, 2024
Description
Published by the National Vulnerability Database
Feb 25, 2022
Published to the GitHub Advisory Database
Feb 25, 2022
Reviewed
Feb 25, 2022
Last updated
Nov 19, 2024
Impact
Due to improper neutralization, it was possible to perform cross-site scripting via crafted user and language names.
Patches
The issues were fixed in the 4.11 release. The following commits are addressing it:
Workarounds
You can look for crafted user and language names to see if you were affected.
References
For more information
If you have any questions or comments about this advisory:
References