Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/04/01 5:4 p.m.5 views

CVE-2026-34231

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...

6.1CVSS5.9AI score0.00227EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 4:16 p.m.4 views

CVE-2026-34231

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...

6.1CVSS0.00227EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 3:33 p.m.3 views

CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...

6.1CVSS5.9AI score0.00227EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 3:33 p.m.7 views

CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...

6.1CVSS5.9AI score0.00227EPSS
Exploits1References5
CVE
CVE
added 2026/03/31 3:33 p.m.23 views

CVE-2026-34231

Slippers (Django UI component) before version 0.6.3 contains an XSS in the {% attrs %} template tag when untrusted data is interpolated into HTML attributes without escaping. The root cause is that AttrsNode.render() does not escape output, allowing injected HTML/JS to be rendered in the page. Th...

6.1CVSS5.9AI score0.00227EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:20 p.m.6 views

Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag

Summary A Cross-site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...

6.1CVSS6AI score0.00227EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder