6 matches found
bitcoin-abe Cross-Site Scripting Vulnerability
bitcoin-abe is a blockchain browser. The product is able to read bitcoin block files and it supports converting and loading data into a database. A cross-site scripting vulnerability exists in the call in the abe.py file in bitcoin-abe versions 0.7.2 and earlier and 0.8pre and earlier. The...
bitcoin-abe Cross-Site Scripting Vulnerability
bitcoin-abe is a blockchain browser. The product is able to read bitcoin block files and it supports converting and loading data into a database. A cross-site scripting vulnerability exists in the call in the abe.py file in bitcoin-abe versions 0.7.2 and earlier and 0.8pre and earlier. The...
CVE-2020-11944
Abe aka bitcoin-abe through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...
Cross site scripting
Abe aka bitcoin-abe through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...
CVE-2020-11944
CVE-2020-11944 affects Abe (bitcoin-abe) up to versions 0.7.2 and 0.8pre, where an XSS flaw exists in abe.py__call__ caused by mishandling PATH_INFO during a PageNotFound exception. The issue is triggered via client-supplied data and could enable script execution in the browser of an unsuspecting...
CVE-2020-11944
Abe aka bitcoin-abe through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...