Lucene search
K

169 matches found

vulnersOsv
vulnersOsv
added 2023/03/17 2:43 p.m.3 views

augbuilder (>=0.0.2 <=0.0.3), hlm-texts (=0.1.2) +15 more potentially affected by CVE-2023-27494 via streamlit (>=0.63.1 <=0.80.0)

streamlit PYPI version =0.63.1, =0.0.2, =0.0.2, =0.0.1, =0.1.6, =0.32.0, =0.10.8, =2.4.30, =0.1.0, =0.0.0, =0.1.0, =0.2.0 - streamlit-prophet =1.0.0 and more Source cves: CVE-2023-27494 Source advisory: OSV:GHSA-9C6G-QPGJ-RVXW...

6.1CVSS6.3AI score0.00407EPSS
Exploits0
OSV
OSV
added 2023/03/17 2:43 p.m.46 views

GHSA-9C6G-QPGJ-RVXW Streamlit publishes previously-patched Cross-site Scripting vulnerability

Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...

6CVSS6AI score0.00407EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/03/17 2:43 p.m.42 views

Streamlit publishes previously-patched Cross-site Scripting vulnerability

Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...

6.1CVSS5.4AI score0.00407EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/03/16 9:15 p.m.44 views

CVE-2023-27494

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

6.1CVSS5.7AI score0.00407EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/03/16 9:15 p.m.4 views

augbuilder (>=0.0.2 <=0.0.3), hlm-texts (=0.1.2) +15 more potentially affected by CVE-2023-27494 via streamlit (>=0.63.1 <=0.80.0)

streamlit PYPI version =0.63.1, =0.0.2, =0.0.2, =0.0.1, =0.1.6, =0.32.0, =0.10.8, =2.4.30, =0.1.0, =0.0.0, =0.1.0, =0.2.0 - streamlit-prophet =1.0.0 and more Source cves: CVE-2023-27494 Source advisory: OSV:PYSEC-2023-50...

6.1CVSS6.3AI score0.00407EPSS
Exploits0
Prion
Prion
added 2023/03/16 9:15 p.m.15 views

Cross site scripting

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

5.8CVSS5.8AI score0.00407EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2023/03/16 9:15 p.m.7 views

PYSEC-2023-50

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

6.1CVSS5.5AI score0.00407EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/16 9:15 p.m.41 views

PYSEC-2023-50

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

6.1CVSS5.3AI score0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/16 8:29 p.m.43 views

CVE-2023-27494 Streamlit Cross-site Scripting vulnerability

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

5.9CVSS6AI score0.00407EPSS
Exploits0References2
CVE
CVE
added 2023/03/16 8:29 p.m.78 views

CVE-2023-27494

CVE-2023-27494 describes a reflected XSS in Streamlit open-source library for hosted apps, affecting versions 0.63.0–0.80.0. The vulnerability allowed an attacker to craft a malicious URL containing JavaScript payloads, which the server could render unescaped, enabling XSS. The issue was addresse...

6.1CVSS5.7AI score0.00407EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/16 8:29 p.m.11 views

CVE-2023-27494 Streamlit Cross-site Scripting vulnerability

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

5.9CVSS5.9AI score0.00407EPSS
Exploits0References2
OSV
OSV
added 2023/03/16 8:29 p.m.28 views

CVE-2023-27494 Streamlit Cross-site Scripting vulnerability

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

5.9CVSS5.7AI score0.00407EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/16 12:0 a.m.3 views

Streamlit 跨站脚本漏洞

Streamlit is Streamlit open source a data-oriented Python application development framework . Streamlit version 0.81.0 before the cross-site scripting vulnerability , the vulnerability stems from the existence of reflective cross-site scripting XSS vulnerability , an attacker can use this...

6.1CVSS5.7AI score0.00407EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.8 views

PT-2023-21169 · Streamlit · Streamlit

Name of the Vulnerable Software and Affected Versions: Streamlit versions 0.63.0 through 0.80.0 Description: The issue is a cross-site scripting XSS vulnerability that affects users of hosted Streamlit apps. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app,...

6.1CVSS5.9AI score0.00407EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2022/08/06 5:51 a.m.3 views

alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)

streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:GHSA-V4HR-4JPX-56GC...

6.5CVSS6.5AI score0.01323EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/08/06 5:51 a.m.30 views

Streamlit directory traversal vulnerability

Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...

6.5CVSS6.3AI score0.01323EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/08/06 5:51 a.m.2 views

GHSA-V4HR-4JPX-56GC Streamlit directory traversal vulnerability

Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...

6.5CVSS6AI score0.01323EPSS
Exploits0References5
Veracode
Veracode
added 2022/08/02 2:54 p.m.21 views

Path Traversal

streamlit is vulnerable to path traversal. The vulnerability exists in get function in ComponentRequestHandler due to improper handling of component requests outside the root directory which allows an attacker to access and overwrite the files by sending a malicious URL with file paths...

6.5CVSS6.1AI score0.01323EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/08/01 10:15 p.m.29 views

CVE-2022-35918

Streamlit is a data oriented application development framework for python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...

6.5CVSS0.01323EPSS
Exploits0References2
Prion
Prion
added 2022/08/01 10:15 p.m.20 views

Directory traversal

Streamlit is a data oriented application development framework for python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...

4.3CVSS6.3AI score0.01323EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder