4 matches found
aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +116 more potentially affected by CVE-2024-37063 via ydata-profiling (>=4.0.0 <=4.7.0)
ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37063 Source advisory: OSV:GHSA-2R57-2MRH-GGJV...
CVE-2024-37063
A cross-site scripting XSS vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser...
CVE-2024-37063
CVE-2024-37063 is a cross-site scripting (XSS) vulnerability affecting the open-source library ydata-profiling (versions 3.7.0 and newer). The root cause, as cited by multiple sources, is insufficient sanitization of user-supplied inputs in reports, allowing malicious payloads to execute when a c...
CVE-2024-37063
A cross-site scripting XSS vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser...