2 matches found
Improper Encoding or Escaping of Output
Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the htmlEscaped process. An attacker can inject and execute arbitrary scripts in the context ...
Cross-site Scripting (XSS)
Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Cross-site Scripting XSS with untrusted user input. If an attacker managed to find a variable that was rendered with their unsanitized...