PT-2022-20556 · Bookwyrm

Vovikhangcdv · Published 2022-07-07 · Updated 2022-07-15 · CVE-2022-31136

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Bookwyrm versions prior to 0.4.1

Description: Bookwyrm is an open source social reading and reviewing program. Versions prior to 0.4.1 did not properly sanitize HTML before rendering it to users. Unprivileged users can inject scripts into user profiles, book descriptions, and statuses, leading to stored cross-site scripting attacks against users who view these fields.

Recommendations: For versions prior to 0.4.1, upgrade to version 0.4.1 to resolve the issue. As a temporary workaround, consider restricting access to user profiles, book descriptions, and statuses until the upgrade is applied, and avoid using the affected fields until the issue is resolved.
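The advisory names the root cause (HTML rendered without proper sanitization) but not how the 0.4.1 fix was implemented. The following is an added example, not code from the Bookwyrm project, of the defensive pattern that closes this class of bug in a Django/Python application: rebuild user-supplied rich text from an allow-list of tags and attributes rather than trying to strip known-bad constructs. The allowed tag and attribute sets, the link-scheme policy and the sample inputs are assumptions chosen for illustration.

```python
# Added example (not Bookwyrm's code): an allow-list HTML sanitizer built on the
# Python standard library, for user-controlled rich text such as profile bios,
# book descriptions and statuses. The output is regenerated from scratch, so
# anything not explicitly allowed (unknown tags, on* handlers, style, script
# bodies, javascript: URLs) never reaches the rendered page.
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: basic formatting plus links with href/title only.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")


def _safe_url(url: str) -> bool:
    """Accept absolute http(s)/mailto links or site-relative paths; reject the rest."""
    u = url.strip().lower()
    return u.startswith(SAFE_URL_SCHEMES) or (u.startswith("/") and not u.startswith("//"))


class AllowListSanitizer(HTMLParser):
    """Re-emits only allow-listed markup; all text is re-escaped on the way out."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # allowed tags we emitted, so they can be closed in order
        self.skip_depth = 0   # > 0 while inside a dropped container such as <script>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1      # drop the element together with its contents
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                    # unknown tag: drop the tag, keep its text
        clean = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue              # silently drops onerror=, onclick=, style=, src=, ...
            if name == "href" and not _safe_url(value):
                continue              # blocks javascript:, data:, vbscript: targets
            clean.append(f' {name}="{escape(value, quote=True)}"')
        if tag == "a":
            clean.append(' rel="nofollow noopener"')
        self.out.append(f"<{tag}{''.join(clean)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return                    # stray close tag: ignore it
        while self.open_tags:         # close intervening tags so output stays well-formed
            t = self.open_tags.pop()
            self.out.append(f"</{t}>")
            if t == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass                          # comments are never re-emitted

    def result(self) -> str:
        self.close()                  # flush buffered trailing text first
        while self.open_tags:         # then close anything the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(untrusted: str) -> str:
    """Return a version of `untrusted` that is safe to mark as trusted HTML in a template."""
    p = AllowListSanitizer()
    p.feed(untrusted)
    return p.result()


if __name__ == "__main__":
    # Constructed sample inputs of the kind an unprivileged user could submit.
    for sample in ('<p>hi <script>alert(1)</script>there</p>',
                   '<a href="javascript:alert(1)" onclick="x()">x</a>',
                   '<b>unclosed <i>text'):
        print(repr(sample), "->", repr(sanitize_html(sample)))
```

Sanitize at input time and store the cleaned value, or sanitize at render time and only then mark the string as safe; either way the allow-list is the only path by which markup reaches the browser. A maintained library such as bleach or nh3 implements the same approach with far more edge-case handling, and is the better choice in production; the point of the hand-written version is to make the allow-list principle visible.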

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2022-31136
GHSA-2CFH-V7RF-PXFP

Affected Products

Bookwyrm