11 matches found
CVE-2026-34231
Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...
CVE-2026-34231
Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...
CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag
Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...
CVE-2026-34231
The CVE-2026-34231 entry is connected to a real advisory: GHSA-w7rv-gfp4-j9j3 describes an XSS in the Django package slippers, specifically in the {% attrs %} template tag. Root cause: AttrsNode renders without auto-escaping, and the custom Node.render path does not apply escaping, causing untrus...
CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag
Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...
CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag
Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...
slippers 跨站脚本漏洞
Slippers is a Django template language enhancement tool developed by Mitchel Cabuloy. Versions of Slippers prior to 0.6.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from template tags that did not escape context variables, which could lead to cross-site scripting...
GHSA-W7RV-GFP4-J9J3 Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag
Summary A Cross-site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...
jfk-django-core (=1.6.0) potentially affected by CVE-2026-34231 via slippers (=0.6.2)
slippers PYPI version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on slippers and may be impacted: - jfk-django-core =1.6.0 Source cves: CVE-2026-34231 Source advisory: SNYK:PYTHON-SLIPPERS-15857196...
Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag
Summary A Cross-site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...
PT-2026-29160
Summary A Cross-site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...