3 matches found
CVE-2021-37634
Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting XSS attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...
CVE-2021-37634
creationtimestamp| type| source ---|---|--- 2021-08-10 00:36:46+00:00| seen| https://t.me/cibsecurity/27037...
CVE-2021-37634
LeafKit (Leaf kit) prior to v1.3.0 is vulnerable to Cross-site Scripting (XSS) when unsanitised data is passed to variable tags due to lack of escaping. The issue stems from not escaping strings rendered as variables, allowing injected scripts into generated Leaf pages if mitigations like a CSP a...