Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.5 views

CVE-2026-40353

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attributionlink property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields such as licenseauthor without escaping, and templates render the result using Django's...

5.4CVSS5.7AI score0.00207EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:16 p.m.2 views

CVE-2026-40353

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attributionlink property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields such as licenseauthor without escaping, and templates render the result using Django's...

5.1CVSS5.7AI score0.00207EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/17 9:16 p.m.22 views

CVE-2026-40353

CVE-2026-40353 affects wger (versions 2.5 and earlier) where AbstractLicenseModel.attribution_link builds HTML by directly interpolating user-controlled fields (e.g., license_author) without escaping, and templates render it with Django’s safe filter. This allows an authenticated user to store an...

5.4CVSS5.7AI score0.00207EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/04/16 1:37 a.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the attributionlink property, which constructs HTML by directly interpolating user-controlled fields without escaping. An attacker can execute arbitrary JavaScript in the context of users viewing ingredient o...

9CVSS5.7AI score0.00207EPSS
Exploits1References2
OSV
OSV
added 2023/08/08 6:30 p.m.15 views

GHSA-8M9P-3926-GFFR wger Workout Manager Cross-site Scripting vulnerability

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...

5.4CVSS5.4AI score0.00467EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/08/08 4:15 p.m.3 views

CVE-2023-38758

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...

5.4CVSS5.8AI score0.00467EPSS
Exploits1References3
OSV
OSV
added 2023/08/08 4:15 p.m.4 views

CVE-2023-38758

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...

5.4CVSS5.8AI score0.00467EPSS
Exploits1References2
PyPA
PyPA
added 2023/08/08 4:15 p.m.5 views

PYSEC-2023-143

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...

5.4CVSS6.9AI score0.00467EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/08/08 12:0 a.m.43 views

CVE-2023-38758

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...

5.8AI score0.00467EPSS
Exploits1References2
Rows per page
Query Builder