CVE-2023-44272 Information

Description

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code the script may be executed on the web browser of the victim user.

Reference

https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e https://jvn.jp/en/jp/JVN08237727/ https://code.citadel.org/citadel/citadel https://www.citadel.org/download.html