CVE-2021-32409

Stored Cross-site Scripting in Kallithea (Kallithea における Stored XSS (蓄積型クロスサイトスクリプティング))

Cross Site Scripting (XSS) in Kallithea v0.4.0 up to v0.6.2 and fixed in v0.6.3, when displaying repository group descriptions.

Disclosure Date

2021/08/31

Credit

stypr (@stereotype32)

Affected-Versions

Kallithea: v0.6.2 and earlier

CWE

CWE-79

Product-URLs

https://kallithea-scm.org/

Reference