CVE-2022-39017: Avoid any XSS script execution from comments areas (social, document comment, form comment, etc)

DESCRIPTION:

All comment areas (document, social, form, etc.) could lead to XSS vulnerabilities.

Risk level: Critical

Fix: Upgrade to version 3.3.10.8 or later.

AFFECTED PRODUCTS:

* Hubshare

MORE INFORMATION:

The issue has been fixed by using a more appropriate native Angular function to secure HTML rendering and avoid XSS leaks.

ACKNOWLEDGEMENT:

We thank Michael Newton <[email protected]> for responsible disclosure.

Date issued: 2022-08

LINKS:

https://www.cve.org/CVERecord?id=CVE-2022-39017