EUVD-2023-1810
Malicious code in bioql PyPI...
dk.mada.jaxrs:openapi-jaxrs-client (>=0.9.12 <=0.9.16), io.jstach:jstachio-jmustache (>=0.6.0 <=1.0.0) +5 more potentially affected by CVE-2023-33962 via io.jstach:jstachio (>=0.6.0 <=1.0.0)
Affected Maven artifacts: io.jstach:jstachio versions 0.6.0, 0.8.0, 0.9.12 and 1.0.0; io.jstach:jstachio-spring-webflux 1.0.0; io.jstach:jstachio-spring-webflux-example 1.0.0; io.jstach:jstachio-spring-webmvc 1.0.0. Source CVE: CVE-2023-33962. Source advisory: OSV:GHSA-GWXV-JV83-6QJR...
CVE-2023-33962 JStachio XSS vulnerability: Unescaped single quotes
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes (') in HTML output, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...