28 matches found
LeafKit allows XSS with untrusted user input
This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf page, whic...
CVE-2021-37634
Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...
CVE-2021-37634
Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...
Cross site scripting
Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...
CVE-2021-37634
LeafKit (Leaf kit) prior to v1.3.0 is vulnerable to Cross-site Scripting (XSS) when unsanitised data is passed to variable tags due to lack of escaping. The issue stems from not escaping strings rendered as variables, allowing injected scripts into generated Leaf pages if mitigations like a CSP a...
CVE-2021-37634 LeafKit allows XSS with untrusted user input
Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...
leafkit cross-site scripting vulnerability
leafkit is a software application. Use Swift to create modular server-side software. A cross-site scripting vulnerability exists in Leafkit versions prior to 1.3.0, which affects any user who passes unprocessed data to a Leaf variable tag. Leaf does not escape any strings passed as variables to th...
PT-2021-21749 · Leafkit · Leafkit
Name of the Vulnerable Software and Affected Versions: Leafkit versions prior to 1.3.0 Description: Leafkit is a templating language with Swift-inspired syntax. The issue affects anyone passing unsanitised data to Leaf's variable tags. Before the fix, Leaf would not escape any strings passed to...