PT-2024-40325 · Unknown · Invenio-Communities

Published 2024-06-12 · Updated 2024-06-12

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Invenio-Communities versions prior to 2.8.11
Invenio-Communities versions prior to 4.2.2
Invenio-Communities versions prior to 7.8.0

Description

A Cross-Site Scripting (XSS) issue has been identified in certain React components related to community members in the Invenio-Communities module. This issue allows a user to inject a script tag into the Affiliations field during the account registration process. The malicious script is executed when the user creates a new community and is listed as a public member, potentially allowing the attacker to access personal information, such as cookies, of visiting users.

Recommendations

For versions prior to 2.8.11, update to version 2.8.11 or later.
For versions prior to 4.2.2, update to version 4.2.2 or later.
For versions prior to 7.8.0, update to version 7.8.0 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

GHSA-HJX6-F647-MVF9

Affected Products

Invenio-Communities