Cross-Site Scripting (XSS)
A cross-site scripting vulnerability has been found in the way Kallithea displays repository group descriptions.
Thanks to stypr of Flatt Security for reporting this vulnerability.
Resolution / Affected versions
This vulnerability was first introduced in Kallithea 0.4.0 and is fixed in 0.6.3.
Users are advised to upgrade as soon as possible.
- Mercurial changeset fixing the issue: https://kallithea-scm.org/repos/kallithea/changeset/cd8fa11c5c89278a103b795db50e740594038ec8