Bug #2488

Updated by Alexander Watzinger 9 months ago

INCIBE, the Spanish National Cybersecurity Institute, kindly made us aware of possible vulnerabilities reported by Andrea Intilangelo related to user input validation yesterday. 
Most likely these were introduced unintentionally during a recent system-wide refactoring.

These vulnerabilities are not very serious/practical in the way OpenAtlas is used: a registered user with right access could have injected JavaScript via form fields. But a user with right access could wreak havoc anyway; that's what backups are for. Nevertheless, we of course fixed these issues immediately and will release them today with version:8.10.1.

Thanks to Andrea Intilangelo and INCIBE for making us aware of it.
