Disclosure Date 2021/08/31

CVE-2021-32409

Stored Cross-site Scripting in Kallithea

Stored XSS (stored cross-site scripting) in Kallithea

Credit

stypr (@stereotype32)

Affected-Versions

v0.6.2 and earlier

CWE

CWE-79

Description

Stored cross-site scripting (XSS) in Kallithea v0.4.0 through v0.6.2 when displaying repository group descriptions. Fixed in v0.6.3.

Product-URLs

https://kallithea-scm.org/

Reference

  • https://kallithea-scm.org/security/20201201-stypr-1.html
  • https://kallithea-scm.org/repos/kallithea/changeset/cd8fa11c5c89278a103b795db50e740594038ec8
