22 matches found
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
GHSA-PQJ8-XHCX-PRXM pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
Cross-site Request Forgery (CSRF)
Overview: pyspider is a powerful spider system in Python. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the Flask endpoints. An attacker can manipulate the state of the application. Remediation: There is no fixed version for pyspider. References -...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
CVE-2024-39163
The CVE-2024-39163 entry concerns binux/pyspider up to v0.3.10, with a Cross‑Site Request Forgery (CSRF) vulnerability through the Flask endpoints. Affected component: pyspider’s Flask endpoints (web UI). Root cause: CSRF exposure enabling state manipulation via Flask routes (details consistent a...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
CVE-2024-39163
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints...
pyspider security vulnerability
pyspider is a powerful web crawler system open-sourced by Roy Binux. A security vulnerability exists in pyspider v0.3.10 and earlier versions, which stems from vulnerability to cross-site request forgery initiated via a Flask endpoint...
GHSA-X4X5-JX9J-MMV7 pyspider Cross-site Scripting vulnerability
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
pyspider Cross-site Scripting vulnerability
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Cross-site Scripting (XSS)
Overview: pyspider is a powerful spider system in Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /update endpoint due to improper sanitization of the name parameter. Note: To successfully exploit this vulnerability in a real-life scenario, the...
PySpider security vulnerability
pyspider is a powerful web crawler system open-sourced by Roy Binux. A security vulnerability exists in PySpider version 0.3.10 and earlier, which stems from a failure to properly sanitize the name parameter, allowing cross-site scripting attacks via the /update endpoint...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2024-28372 · Pyspider · Pyspider
Name of the Vulnerable Software and Affected Versions: pyspider versions 0.3.10 and earlier. Description: The issue allows for Cross-Site Scripting (XSS) via the /update endpoint. This affects products that are no longer supported by the maintainer. Recommendations: For versions 0.3.10 and earlier, ...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...