Cross-site scripting (XSS)
A vulnerability has been found in Kallithea in the interpretation of certain URL arguments.
This issue was found and reported by Bob Hogg (firstname.lastname@example.org).
The issue is fixed in release 0.3.7. Users are advised to upgrade as soon as possible.
This issue is present in Kallithea releases 0.3.3 up to (and including) 0.3.6.
- Mercurial changeset fixing the issue: https://kallithea-scm.org/repos/kallithea/changeset/81db5704b2859c5dd4d0309acb80a4a9d41c7600