Bug 1216266 (CVE-2023-4829)

Summary: VUL-0: CVE-2023-4829: froxlor: Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
Product: [openSUSE] openSUSE Distribution
Reporter: SMASH SMASH <smash_bz>
Component: Security
Assignee: Wolfgang Engel <wolfgang.engel>
Status: IN_PROGRESS ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: thomas.leroy
Version: Leap 15.6
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/381811/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 1216204
Bug Blocks:

Description SMASH SMASH 2023-10-16 09:07:17 UTC
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior
to 2.0.22.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4829

Comment 1 Thomas Leroy 2023-10-16 09:09:07 UTC
Backports are affected.

Same wondering as Robert in bsc#1216204 #c1, maybe worth dropping froxlor if we don't have an active maintainer.

Comment 2 Wolfgang Engel 2023-12-08 12:52:58 UTC
froxlor was dropped from openSUSE:Backports:SLE-15-SP6