Advisories for Pypi/Invenio-Communities package

2024

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The malicious script is executed when the user creates a new community and is listed as a public member. The script is triggered whenever any user visits the Members section of …

2019