Impact
What kind of vulnerability is it? Who is impacted?
When using tuitse_html without quoting the input, there is an HTML injection vulnerability. It should use the Django function django.utils.html.format_html instead of string.format(), so that the input is HTML-escaped before it is inserted into the markup.
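The vulnerable and the corrected pattern side by side, as an added example that is not tuitse's own code: it assumes tuitse_html builds ruby markup from a hanji string and a lomaji string, and falls back to an equivalent escaping helper when Django is not installed.

```python
# Added example (not tuitse's own code): the pattern behind this advisory.
# Assumption: tuitse_html builds <ruby> markup for a Taigi word from a
# hanji (Chinese-character) string and a lomaji (romanised) string.
try:
    from django.utils.html import format_html
except ImportError:
    # Stand-alone fallback with the same escaping semantics as Django's
    # format_html: every argument is HTML-escaped before substitution.
    from html import escape

    def format_html(fmt, *args, **kwargs):
        return fmt.format(*(escape(str(a), quote=True) for a in args),
                          **{k: escape(str(v), quote=True) for k, v in kwargs.items()})

TEMPLATE = "<ruby>{}<rp>(</rp><rt>{}</rt><rp>)</rp></ruby>"

def ruby_vulnerable(hanji: str, lomaji: str) -> str:
    # Before the fix: str.format() copies the input into the markup verbatim,
    # so any tag inside a user-supplied word becomes live HTML.
    return TEMPLATE.format(hanji, lomaji)

def ruby_fixed(hanji: str, lomaji: str) -> str:
    # After the fix: format_html escapes <, >, &, " and ' in each argument;
    # only the template's own tags remain markup.
    return format_html(TEMPLATE, hanji, lomaji)

def is_injected(rendered: str, payload: str) -> bool:
    # Detection helper: does the raw payload survive unescaped into the output?
    return payload in rendered

if __name__ == "__main__":
    # Constructed input: a normal word, then one carrying a tag.
    print(ruby_fixed("台語", "Tâi-gí"))
    payload = "<script>alert(1)</script>"
    print(is_injected(ruby_vulnerable(payload, "x"), payload))  # True
    print(is_injected(ruby_fixed(payload, "x"), payload))       # False
```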
Patches
Has the problem been patched? What versions should users upgrade to?
Upgrade to version 1.3.2.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Sanitize Taigi input by HTML-escaping (quoting) it before it is rendered.
References
Are there any links users can visit to find out more?
#22