A Cross-Site Scripting (XSS) vulnerability was discovered in two Jinja templates in the Invenio-Communities module. The vulnerability allows a user to create a new community and include script element tags inside the description and page fields.
The problem has been patched in v1.0.0a20.
If you have any questions or comments about this advisory: