Advisories for Pypi/Readthedocs-Sphinx-Search package

2024

readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects

Impact: This vulnerability could have allowed an attacker to include arbitrary HTML content in search results by having a user search a malicious project. This was due to our search client not correctly escaping all user content from search results. You can find more information in the advisory published in our readthedocs.org repo. Users of this extension should update to the 0.3.2 version, and trigger a new build. This issue …