PT-2022-16820 · Weblate · Weblate

Nijel · Published 2022-02-25 · Updated 2024-06-15 · CVE-2022-24710

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 4.11

Description: Weblate is a copyleft, web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input stored in the user name and language fields. Because of this improper neutralization, cross-site scripting is possible via these fields.

Recommendations: For versions prior to 4.11, users are advised to add their own neutralization logic to prevent cross-site scripting attacks. As a temporary workaround, consider adding input validation for the user name and language fields until a patch is available. For users who can upgrade, the issues were fixed in the 4.11 release.
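The two mitigations the recommendations describe, as an added example that is not Weblate's own code: an allow-list check for the language field (which has a constrained shape) and HTML output encoding for the free-form user name. The language-code pattern (`cs`, `pt_BR` style) and the profile-row template are assumptions made for this example, not taken from Weblate.

```python
import html
import re

# Constructed allow-list for language codes such as "cs" or "pt_BR".
# Assumption for this example only; it is not Weblate's own validation rule.
LANGUAGE_CODE_RE = re.compile(r"^[a-z]{2,3}(_[A-Za-z0-9]{2,8})*$")


def is_valid_language_code(code: str) -> bool:
    """Input validation: accept only plain language codes.

    Anything outside the allow-list (markup, quotes, whitespace) is refused
    before it reaches storage or a template, so it can never be rendered.
    """
    return isinstance(code, str) and LANGUAGE_CODE_RE.fullmatch(code) is not None


def neutralize_user_name(name: str, max_length: int = 150) -> str:
    """Output encoding for a free-form name that cannot be allow-listed.

    Collapses whitespace, caps the length, and turns every HTML-significant
    character (<, >, &, both quote styles) into an entity so the browser
    treats the name as text rather than as markup or an attribute break.
    """
    cleaned = " ".join(name.split())[:max_length]
    return html.escape(cleaned, quote=True)


def render_profile_row(name: str, language: str) -> str:
    """Build the HTML fragment for one profile row from neutralized values only.

    Assumed template shape; raises instead of rendering an invalid language code.
    """
    if not is_valid_language_code(language):
        raise ValueError(f"rejected language code: {language!r}")
    return f"<tr><td>{neutralize_user_name(name)}</td><td>{language}</td></tr>"


if __name__ == "__main__":
    # Constructed sample input: a display name carrying markup, a valid code.
    print(render_profile_row('Ann <b onclick="x">Lee</b>', "pt_BR"))
```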

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

BIT-WEBLATE-2022-24710
CVE-2022-24710
GHSA-6JP6-9RF9-GC66
OPENSUSE-SU-2024:11887-1
PYSEC-2022-35

Affected Products

Weblate