4 matches found
PYSEC-2026-220
Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...
PYSEC-2026-219
Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...
Cross-site Scripting (XSS)
Overview dash is a Python framework for building reactive web-apps. Developed by Plotly. Affected versions of this package are vulnerable to Cross-site Scripting XSS when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this...
Cross-site Scripting (XSS)
Overview dash-html-components is a Vanilla HTML components for Dash. Affected versions of this package are vulnerable to Cross-site Scripting XSS when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the...