Source: kalkun
Version: 0.8.3.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: ro...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for kalkun.

CVE-2025-3573[0]:
| Versions of the package jquery-validation before 1.20.0 are
| vulnerable to Cross-site Scripting (XSS) in the showLabel()
| function, which may take input from a user-controlled placeholder
| value. This value will populate a message via $.validator.messages
| in a user localizable dictionary.

civicrm includes embedded jquery-validation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-3573
    https://www.cve.org/CVERecord?id=CVE-2025-3573
[1] https://github.com/jquery-validation/jquery-validation/pull/2462
[2] https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
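
One way to locate embedded jquery-validation copies in an unpacked source tree and compare them with the 1.20.0 threshold from the CVE text above. This is an added example, not part of the original report or of any project's code; the banner format matched by the regex and the names banner_version, is_affected and scan are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 20, 0)  # first fixed release, per the CVE description

# Assumed upstream banner formats (unminified and minified), e.g.:
#   " * jQuery Validation Plugin v1.19.5"
#   "/*! jQuery Validation Plugin - v1.19.5 - 7/1/2022"
BANNER = re.compile(r"jQuery Validation Plugin(?: -)? v(\d+)\.(\d+)\.(\d+)")


def banner_version(text):
    """Return (major, minor, patch) from the file banner, or None."""
    m = BANNER.search(text[:2048])  # the banner sits at the top of the file
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True when the version predates the fixed release (numeric compare)."""
    return version < FIXED


def scan(root):
    """Yield (path, version, affected) for each embedded copy under root."""
    for path in sorted(Path(root).rglob("*.js")):
        try:
            head = path.read_text(encoding="utf-8", errors="replace")[:2048]
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        version = banner_version(head)
        if version is not None:
            yield path, version, is_affected(version)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = list(scan(root))
    for path, version, affected in hits:
        state = "AFFECTED" if affected else "ok"
        print(f"{state:8} {'.'.join(map(str, version))}  {path}")
    sys.exit(1 if any(a for _, _, a in hits) else 0)
```

The banner only reflects the upstream version string; a copy that carries a backported fix still reports its old version, so a hit needs checking against the upstream commit [2].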