Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column

2022-05-2417:29:11

Google

osv.dev

0.016 Low

EPSS

Percentile

87.3%

JSON

All versions up to 0.11.16 of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.

CPENameOperatorVersion
caboteq0.10.1
caboteq0.11.1
caboteq0.11.2
caboteq0.8.4
caboteq0.10.4
caboteq0.11.5
caboteq0.11.12
caboteq0.10.8
caboteq0.11.6
caboteq0.10.5

Name	Operator	Version
cabot	eq	0.10.1
cabot	eq	0.11.1
cabot	eq	0.11.2
cabot	eq	0.8.4
cabot	eq	0.10.4
cabot	eq	0.11.5
cabot	eq	0.11.12
cabot	eq	0.10.8
cabot	eq	0.11.6
cabot	eq	0.10.5

Rows per page:

1-10 of 281

References

github.com/arachnys/cabot

github.com/arachnys/cabot/commit/eb0b3544f8c8ab2dee4643df191da346a941734f

github.com/arachnys/cabot/pull/694

itsmeanonartist.tech/blogs/blog2.html

nvd.nist.gov/vuln/detail/CVE-2020-7734

snyk.io/vuln/SNYK-PYTHON-CABOT-609862

www.exploit-db.com/exploits/48791

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for OSV:GHSA-MQWH-R366-4224