21 matches found
[SECURITY] Fedora 43 Update: python-wsgidav-4.3.4-1.fc43
A generic and extendable WebDAV server written in Python and based on WSGI. Main features: =E2=80=A2 WsgiDAV is a stand-alone WebDAV server with SSL support, that can be installed and run as Python command line script. =E2=80=A2 The python-pam library is needed as extra requirement if pam-login...
Fedora 43 : python-wsgidav (2026-7d942b469f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7d942b469f advisory. 4.3.4 / 2026-05-24 - Resolve security advisory CVE-2026-48099 Tenable has extracted the preceding description block directly from the Fedora security advisor...
Fedora 44 : python-wsgidav (2026-b2212b4742)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b2212b4742 advisory. 4.3.4 / 2026-05-24 - Resolve security advisory CVE-2026-48099 Tenable has extracted the preceding description block directly from the Fedora security advisor...
EUVD-2022-0366
Malicious code in bioql PyPI...
FreeBSD : py-WsgiDAV -- XSS vulnerability (1a15b928-5011-4953-8133-d49e24902fe1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1a15b928-5011-4953-8133-d49e24902fe1 advisory. - WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library...
GHSA-XX6G-JJ35-PXJV Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled
Impact Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. Patches Users can upgrade to v4.1.0 Workarounds Set dirbrowser.enable = False in the configuration. For instance, when using a Python dictionary to configure the...
manabi (>=0.1.0 <=0.4.0) potentially affected by CVE-2022-41905 via wsgidav (=3.1.1)
wsgidav PYPI version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on wsgidav and may be impacted: - manabi =0.1.0, =0.4.0 Source cves: CVE-2022-41905 Source advisory: OSV:GHSA-XX6G-JJ35-PXJV...
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled
Impact Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. Patches Users can upgrade to v4.1.0 Workarounds Set dirbrowser.enable = False in the configuration. For instance, when using a Python dictionary to configure the...
Cross-Site Scripting (XSS)
wsgidav is vulnerable to cross-site scripting. The vulnerability exists in the init function of dirbrowser.py when directory browsing is enabled which allows an attacker to inject and execute malicious JavaScript...
CVE-2022-41905
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
PYSEC-2022-43018
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
PYSEC-2022-43018
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
Cross site scripting
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
manabi (>=0.1.0 <=0.4.0) potentially affected by CVE-2022-41905 via wsgidav (=3.1.1)
wsgidav PYPI version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on wsgidav and may be impacted: - manabi =0.1.0, =0.4.0 Source cves: CVE-2022-41905 Source advisory: OSV:PYSEC-2022-43018...
PT-2022-26136 · Wsgidav · Wsgidav
Name of the Vulnerable Software and Affected Versions: WsgiDAV versions prior to 4.1.0 Description: Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue occurs when untrusted data is displayed in the directory...
py-WsgiDAV -- XSS vulnerability
Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks...
CVE-2022-41905
WsgiDAV (WebDAV server) is affected by CVE-2022-41905 when directory browsing is enabled. The vulnerability enables Cross-Site Scripting (XSS) in scenarios where untrusted data is displayed in the directory browser UI. The issue has been patched; upgrading to WsgiDAV 4.1.0 is recommended. As a wo...
WsgiDAV 跨站脚本漏洞
WsgiDAV is a WSGI-based general-purpose extensible WebDAV server from Martin Wendt, a personal developer. A security vulnerability exists in WsgiDAV that stems from vulnerability to cross-site scripting XSS attacks...
CVE-2022-41905 wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
CVE-2022-41905 wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...