Djblets 0.9.2 Release Notes¶
Release date: March 1, 2016
Fixed a Self-XSS vulnerability in the
A recently-discovered vulnerability in the datagrid templates allows an attacker to generate a URL to any datagrid page containing malicious code in a column sorting value. If the user visits that URL and then clicks that column, the code will execute.
The cause of the vulnerability was due to a template not escaping user-provided values.
This vulnerability was reported by Jose Carlos Exposito Bueno (0xlabs).
Jose Carlos Exposito Bueno (0xlabs)