CVE-2019-1020005

Name of the Vulnerable Software and Affected Versions: Invenio-Communities versions prior to 1.0.0a20

Description: A Cross-Site Scripting (XSS) issue was found in the Invenio-Communities module, specifically in two Jinja templates. This issue allows a user to create a new community and include script element tags inside the description and page fields.

Recommendations: For versions prior to 1.0.0a20, update to version 1.0.0a20 to resolve the issue. As a temporary workaround, consider restricting the ability to create new communities or editing existing community descriptions and pages until the update is applied.