A Cross-Site Scripting (XSS) vulnerability was discovered when rendering JSON for a record in the administration interface. The vulnerability could be exploited by e.g. a user who had access to upload a new record, that an admin user would then later view in the admin interface.
All supported versions of Invenio-Records have been patched. You should upgrade to either v1.0.1, v1.1.1 or v1.2.2
If you have any questions or comments about this advisory: * Email us at info@inveniosoftware.org
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:58:55Z" }