Impact
A stored Cross-Site Scripting (XSS) vulnerability in the Tasks module allows attackers to inject malicious JavaScript via checklist checkpoint content. The payload is executed when users view the affected task.
Patches
The vulnerability has been patched in version 1.9.3, and all users are encouraged to upgrade to this version or later immediately.
Workarounds
No workaround is available; users should upgrade to a patched version.
References
Further details regarding this fix can be found in the HumHub Tasks GitHub repository and the official project changelogs:
Credits
Special thanks to lassi for identifying and reporting this issue.
Impact
A stored Cross-Site Scripting (XSS) vulnerability in the Tasks module allows attackers to inject malicious JavaScript via checklist checkpoint content. The payload is executed when users view the affected task.
Patches
The vulnerability has been patched in version 1.9.3, and all users are encouraged to upgrade to this version or later immediately.
Workarounds
No workaround is available; users should upgrade to a patched version.
References
Further details regarding this fix can be found in the HumHub Tasks GitHub repository and the official project changelogs:
Credits
Special thanks to lassi for identifying and reporting this issue.