3 matches found
CVE-2026-34231
Slippers (Django UI component) before version 0.6.3 contains an XSS in the {% attrs %} template tag when untrusted data is interpolated into HTML attributes without escaping. The root cause is that AttrsNode.render() does not escape output, allowing injected HTML/JS to be rendered in the page. Th...
jfk-django-core (=1.6.0) potentially affected by CVE-2026-34231 via slippers (=0.6.2)
slippers PYPI version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on slippers and may be impacted: - jfk-django-core =1.6.0 Source cves: CVE-2026-34231 Source advisory: OSV:GHSA-W7RV-GFP4-J9J3...
jfk-django-core (=1.6.0) potentially affected by CVE-2026-34231 via slippers (=0.6.2)
slippers PYPI version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on slippers and may be impacted: - jfk-django-core =1.6.0 Source cves: CVE-2026-34231 Source advisory: SNYK:PYTHON-SLIPPERS-15857196...