Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
Created attachment 94053 [details, diff] sitebar.patch Patch extracted from Debian diff
web-apps, please bump 3.3.8 with patch.
done
Thanks Renat PPC, please could you test and mark stable if possible sitebar-3.3.8, thanks in advance
ppc stable
I vote NO.
another no
2 NO -> closing with NO GLSA. Feel free to reopen if you disagree.