Cross-site scripting (XSS)
A vulnerability has been found in Kallithea in the 'Download as zip' and 'Compare' features of repositories.
This issue was found and reported by:
Bob Hogg (firstname.lastname@example.org).
The same issue turned out to be present in the version selection dropdown menus of the 'Compare' feature of repositories.
The issue is fixed in release 0.3.7. Users are advised to upgrade as soon as possible.
As far as we know, the issue is present in all Kallithea releases prior to 0.3.7.