Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag

Summary A Cross-site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...

GHSA-CF9F-WMHP-V4PR Cross-site Scripting potential in custom links, job buttons, and computed fields

Impact All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected. Due to incorrect usage of Django's marksafe API when rendering certain types of user-authored content, including: - custom links - job buttons - computed fields it is possible that users with permission to...

PYSEC-2023-285

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...

Cross site scripting

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...