22 matches found
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
GHSA-PQJ8-XHCX-PRXM pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
Cross-site Request Forgery (CSRF)
Overview: pyspider is a powerful spider system in Python. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the Flask endpoints. An attacker can manipulate the state of the application. Remediation: There is no fixed version for pyspider. References -...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
CVE-2024-39163
The CVE-2024-39163 entry concerns binux/pyspider up to v0.3.10, with a Cross‑Site Request Forgery (CSRF) vulnerability through the Flask endpoints. Affected component: pyspider’s Flask endpoints (web UI). Root cause: CSRF exposure enabling state manipulation via Flask routes (details consistent a...
pyspider security vulnerability
pyspider is a powerful web crawler system open-sourced by Roy Binux. A security vulnerability exists in pyspider v0.3.10 and earlier versions, which stems from vulnerability to cross-site request forgery initiated via a Flask endpoint...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
pyspider Cross-site Scripting vulnerability
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
GHSA-X4X5-JX9J-MMV7 pyspider Cross-site Scripting vulnerability
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Cross-site Scripting (XSS)
Overview: pyspider is a powerful spider system in Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /update endpoint due to improper sanitization of the name parameter. Note: To successfully exploit this vulnerability in a real-life scenario, the...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-39162
CVE-2024-39162 affects pyspider up to version 0.3.10, with a Cross-site Scripting (XSS) flaw exploitable via the /update endpoint. The issue stems from improper sanitization of the name parameter, and is limited to software that is no longer maintained. Public details consistently note that there...
PySpider security vulnerability
pyspider is a powerful web crawler system open-sourced by Roy Binux. A security vulnerability exists in PySpider version 0.3.10 and earlier, which stems from a failure to properly sanitize the name parameter, allowing cross-site scripting attacks via the /update endpoint...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...