invenio-previewer before 1.0.0a12 allows XSS.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "0.1.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a1"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a10"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a11"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a12"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a2"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a3"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a4"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a5"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a6"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a7"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a8"
},
{
"introduced": "0"
},
{
"last_affected": "1.0.0-a9"
}
]
}