2 matches found
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVE-2023-38758
The CVE-2023-38758 entry concerns wger Workout Manager v2.2.0a3, with a Cross-Site Scripting flaw exploitable via the license_author field in the add-ingredient workflow (templates/ingredients/view.html, models/ingredients.py, views/ingredients.py). The underlying issue is a stored/ reflected XSS...