CVE-2015-1864

Name of the Vulnerable Software and Affected Versions Kallithea versions prior to 0.2.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the administration pages. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific user details or descriptions, including the first name, last name, repository description, repository group description, or user group description.

Recommendations For versions prior to 0.2.1, update to version 0.2.1 or later to resolve the issue. As a temporary workaround, consider restricting user input for the first name, last name, repository, repository group, and user group descriptions to minimize the risk of exploitation. Avoid using potentially malicious input in these fields until the issue is resolved.