FreeBSD : py-djblets -- Self-XSS vulnerability (df328fac-f942-11e5-92ce-002590263bf5)
High Nessus Plugin ID 90338
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Djblets Release Notes reports:
A recently-discovered vulnerability in the datagrid templates allows an attacker to generate a URL to any datagrid page containing malicious code in a column sorting value. If the user visits that URL and then clicks that column, the code will execute.
The cause of the vulnerability was due to a template not escaping user-provided values.
Solution
Update the affected packages.