2 matches found
openslides-presenter (=2.0.3), openslides-protocol (=1.0.0) +2 more potentially affected by CVE-2020-26280 via openslides (>=2.1.1 <=2.2.0)
openslides PYPI version =2.1.1, =2.0.1, =2.0.2 Source cves: CVE-2020-26280 Source advisory: OSV:PYSEC-2020-72...
CVE-2020-26280
OpenSlides (v3.2 affected) is vulnerable to persistent cross-site scripting (XSS) due to insufficient input validation/escaping in rich-text fields. The vulnerability was introduced with commit 6eae497abeab234418dfbd9d299e831eff86ed45 and first appeared in the 3.2 release; it could allow an attac...