Cross-site scripting (XSS)
A cross-site scripting vulnerability has been found in the way Kallithea displays the names of users.
This issue was found and reported by Bob Hogg (firstname.lastname@example.org).
The issue is fixed in release 0.3.7. Users are advised to upgrade as soon as possible.
As far as we know, the issue is present in all Kallithea releases prior to 0.3.7.
- Mercurial changeset fixing the issue: https://kallithea-scm.org/repos/kallithea/changeset/603f5f7c323d1d128aa5d486b60f1172cd254d59