Due to improper neutralization, it was possible to perform cross-site scripting via crafted user and language names.
The issues were fixed in the 4.11 release. The following commits are addressing it:
You can look for crafted user and language names to see if you were affected.
If you have any questions or comments about this advisory: * Open a topic in discussions * Email us at care@weblate.org
{ "nvd_published_at": "2022-02-25T21:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-02-25T22:18:50Z" }