2 matches found
CVE-2020-11944
Abe aka bitcoin-abe through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...
CVE-2020-11944
CVE-2020-11944 affects Abe (bitcoin-abe) up to versions 0.7.2 and 0.8pre, where an XSS flaw exists in abe.py__call__ caused by mishandling PATH_INFO during a PageNotFound exception. The issue is triggered via client-supplied data and could enable script execution in the browser of an unsuspecting...