2 matches found
CVE-2021-39286
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped...
PT-2023-18187 · Nunjucks +1 · Nunjucks +1
Name of the Vulnerable Software and Affected Versions: Nunjucks versions prior to 3.2.4
Description: The issue allows bypassing the restrictions provided by the autoescape functionality in Nunjucks. If two user-controlled parameters are on the same line in the views, it is possible to inject...