Cross site scripting
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL...
alo7-airflow (>=1.10.0 <=1.10.0.7), autologin (>=0.1.1 <=0.1.3) +3 more potentially affected by CVE-2018-16516 via flask-admin (>=1.4.0 <=1.5.2)
flask-admin PYPI version =1.4.0, =1.10.0, =0.1.1, =0.6.7.post3, =4.2.6, =0.1.0, =0.2.0 Source cves: CVE-2018-16516 Source advisory: OSV:PYSEC-2018-54...
PYSEC-2018-54
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL...
CVE-2018-16516
CVE-2018-16516 affects Flask-Admin up to version 1.5.2, where helpers.py is vulnerable to reflected XSS via a crafted URL. The root cause is improper escaping that allows attacker-supplied input to be reflected in the response. Exploitation details are not provided in the documents beyond this de...
CVE-2018-16516
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL...
Cross-Site Scripting (XSS)
flask-admin is vulnerable to cross-site scripting (XSS) attacks because it does not escape HTML in column_editable_list values...