Cross-site scripting invenio-records
A Cross-Site Scripting (XSS) vulnerability was discovered when rendering JSON for a record in the administration interface. The vulnerability could be exploited by e.g. a user who had access to upload a new record, that an admin user would then later view in the admin interface.