CVE-2022-39017: Avoid any XSS script execution from comment areas (social, document comment, form comment, etc.)
DESCRIPTION:
All comment areas (document, social, form, etc.) could lead to XSS vulnerabilities.
Risk level: Critical
Fix: Upgrade to version 3.3.10.8 or later.
AFFECTED PRODUCTS:
* Hubshare
MORE INFORMATION:
The issue has been fixed by using a more appropriate native Angular function to secure HTML rendering and avoid XSS leaks.
ACKNOWLEDGEMENT
We thank Michael Newton for responsible disclosure.
Date issued: 2022-08
LINKS
https://www.cve.org/CVERecord?id=CVE-2022-39017