[CKAN-Security] XSS for multiple sites

David Read david.read at hackneyworkshop.com
Thu Sep 14 12:52:41 UTC 2017


To: CKAN Security list,

I got alerted to this report of XSS on a number of CKAN sites:

https://www.openbugbounty.org/reports/294186/

I don't know the details of the specific problem, but I'm asking via
my contacts.
The CKAN versions on the list seem pretty broad and include the latest, e.g.

CKAN 2.2.4 https://data.england.nhs.uk/api/util/status
CKAN 2.6.2 https://www.opendatani.gov.uk/api/util/status

David

