Lucene search
+L

52 matches found

OSV
OSV
added 2021/06/07 10:15 p.m.27 views

PYSEC-2021-89

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS0.3AI score0.0096EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/06/07 9:47 p.m.47 views

Reflected cross-site scripting issue in Datasette

Impact The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...

7.2CVSS0.2AI score0.0096EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/06/07 9:47 p.m.25 views

GHSA-XW7C-JX9M-XH5G Reflected cross-site scripting issue in Datasette

Impact The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...

7.2CVSS6.3AI score0.0096EPSS
Exploits0References8
CVE
CVE
added 2021/06/07 9:20 p.m.98 views

CVE-2021-32670

Datasette contains a reflected cross-site scripting vulnerability in the ?_trace=1 debugging feature due to inadequate HTML escaping. Affected versions include 0.56.1 and 0.57; patches are available in those releases. Workarounds include rejecting requests with ?_trace= or &_trace= in the query s...

7.2CVSS6.1AI score0.0096EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/06/07 9:20 p.m.38 views

CVE-2021-32670 Reflected cross-site scripting issue in Datasette

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS6.9AI score0.0096EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/07 12:0 a.m.7 views

Datasette 跨站脚本漏洞

Datasette is an open source multifunctional tool used by applications to explore and publish data. A cross-site scripting vulnerability exists in Datasette 0.57 and 0.56.1 that ? trace=1 input validation error. No detailed vulnerability details are provided at this time...

7.2CVSS5.2AI score0.0096EPSS
Exploits0References5
Veracode
Veracode
added 2020/11/26 2:3 a.m.8 views

Information Disclosure

datasette-graphql is vulnerable to information disclosure. The vulnerability exists as it does not perform permission checks, allowing private database schema to be revealed...

1.7AI score
Exploits0
OSV
OSV
added 2020/11/24 10:59 p.m.15 views

GHSA-74HV-QJJQ-H7G5 datasette-graphql leaks details of the schema of private database files

Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...

6.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/11/24 10:59 p.m.54 views

datasette-graphql leaks details of the schema of private database files

Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...

1.4AI score
Exploits0References3Affected Software1
Veracode
Veracode
added 2020/08/12 4:24 a.m.10 views

Information Disclosure

datasette is vulnerable to information disclosure. The vulnerability exists as Cross-Site Request Forgery CRSF tokens are leaked through read-only canned queries...

2.6AI score
Exploits0
OSV
OSV
added 2020/08/11 2:54 p.m.9 views

GHSA-Q6J3-C4WC-63VW CSRF tokens leaked in URL by canned query form

Impact The HTML form for a read-only canned query includes the hidden CSRF token field added in 798 for writable canned queries 698. This means that submitting those read-only forms exposes the CSRF token in the URL - for example on https://latest.datasette.io/fixtures/neighborhoodsearch submitti...

4.3CVSS6.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/08/11 2:54 p.m.23 views

CSRF tokens leaked in URL by canned query form

Impact The HTML form for a read-only canned query includes the hidden CSRF token field added in 798 for writable canned queries 698. This means that submitting those read-only forms exposes the CSRF token in the URL - for example on https://latest.datasette.io/fixtures/neighborhoodsearch submitti...

6.8AI score
Exploits0References5Affected Software1
Rows per page
Query Builder