RSS   Podatności dla 'CROW'   RSS

2022-01-13
 
CVE-2021-23824

CWE-79
 

 
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.

 
 
CVE-2021-23514

CWE-22
 

 
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server.

 


Copyright 2024, cxsecurity.com

 

Back to Top