pagure: cross-site scripting
| Package(s): | pagure | CVE #(s): | CVE-2016-1000037 | ||||
| Created: | August 23, 2016 | Updated: | August 24, 2016 | ||||
| Description: | From the Red Hat bug report: It was found that Pagure served uploaded files from its attachment endpoint with content types that instructed the browser to parse HTML files, which could lead to Cross-Site Scripting attacks. | ||||||
| Alerts: |
| ||||||