2 matches found
PT-2023-2612 · Werkzeug +5
Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 2.2.3
Description: The issue is related to how Werkzeug handles "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to...
PT-2023-33023 · Dompurify
Name of the Vulnerable Software and Affected Versions: dompurify versions prior to 2.2.3
Description: The issue is caused by nested headlines, leading to a cross-site scripting problem.
Recommendations: For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue...