[francoisjacquet/rosariosis] Cross site scripting in francoisjacquet/rosariosis

A Cross-site Scripting (XSS) vulnerability exists in in GitHub repository francoisjacquet/rosariosis prior to 9.1. HTML entities are not properly decoded from the URL.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-2036
• https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a
• https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905
• https://github.com/advisories/GHSA-4hpr-hh77-6q9p