CVE-2021-32409

Stored XSS in Kallithea (Kallithea における格納型 XSS)

Cross Site Scripting (XSS) in Kallithea v0.4.0 up to v0.6.2 and fixed in v0.6.3, when displaying repository group descriptions.

Disclosure Date

2021/08/31

Credit

stypr (@stereotype32)

Affected-Versions

Kallithea: v0.6.2 and earlier

CWE

CWE-79

Product-URLs

https://kallithea-scm.org/

Reference