CVE-2022-39017: Avoid any XSS script execution from comment areas (social, document comment, form comment, etc.)
DESCRIPTION
All comment areas (document, social, form, etc.) could lead to XSS vulnerabilities.
Risk level: Critical
Fix: Upgrade to version 3.3.10.8 or later.
AFFECTED PRODUCTS
Hubshare
MORE INFORMATION
The issue has been fixed by using a more appropriate native Angular function to secure HTML rendering and avoid XSS leaks.
ACKNOWLEDGEMENT
We thank Michael Newton <mnewton@themissinglink.com.au> for responsible disclosure.
Date issued: 2022-08