GHSA-CF9F-WMHP-V4PR Cross-site Scripting potential in custom links, job buttons, and computed fields

Impact All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected. Due to incorrect usage of Django's marksafe API when rendering certain types of user-authored content, including: - custom links - job buttons - computed fields it is possible that users with permission to...

PYSEC-2023-285

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...

Cross site scripting

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...

Cross-site Scripting (XSS)

manila-ui is vulnerable to reflected cross-site scripting XSS. The Create Share form takes user-supplied metadata and passes it to a call to marksafe. This allows remotely authenticated, but unprivileged users to insert JavaScript code...

Cross-site Scripting (XSS)

manila-ui is vulnerable to reflected cross-site scripting XSS. The Create Share form takes user-supplied metadata and passes it to a call to marksafe. This allows remotely authenticated, but unprivileged users to insert JavaScript code...