Lucene search
K

91 matches found

OSV
OSV
added 2024/01/11 3:20 p.m.1 views

GHSA-H5C8-RQWP-CP95 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys as opposed to only values as user input, and renders these in pages that other user...

5.4CVSS6.8AI score0.00892EPSS
Exploits0References10
OSV
OSV
added 2024/01/11 3:15 a.m.1 views

DEBIAN-CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.8AI score0.00892EPSS
Exploits0References1
OSV
OSV
added 2024/01/11 3:15 a.m.5 views

AZL-33320 CVE-2024-22195 affecting package python-jinja2 for versions less than 3.0.3-3

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.9AI score0.00892EPSS
Exploits0References1
OSV
OSV
added 2024/01/11 3:15 a.m.3 views

AZL-33349 CVE-2024-22195 affecting package nodejs18 for versions less than 18.20.3-3

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.7AI score0.00892EPSS
Exploits0References1
OSV
OSV
added 2024/01/11 3:15 a.m.4 views

AZL-35134 CVE-2024-22195 affecting package python-jinja2 for versions less than 3.1.2-2

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.9AI score0.00892EPSS
Exploits0References1
OSV
OSV
added 2024/01/11 3:15 a.m.2 views

ALPINE-CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.5AI score0.00892EPSS
Exploits0References1
NVD
NVD
added 2024/01/11 3:15 a.m.60 views

CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.2AI score0.00892EPSS
Exploits0References7
OSV
OSV
added 2024/01/11 3:15 a.m.7 views

UBUNTU-CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.9AI score0.00892EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/01/11 2:25 a.m.1 views

CVE-2024-22195 Jinja vulnerable to Cross-Site Scripting (XSS)

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

5.4CVSS6.7AI score0.00892EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.3 views

PT-2024-1412

Name of the Vulnerable Software and Affected Versions Jinja2 affected versions not specified Description Jinja is an extensible templating engine that allows writing code similar to Python syntax. The Jinja xmlattr filter can be abused to inject arbitrary HTML attribute keys and values, bypassing...

6.4CVSS6.9AI score0.00892EPSS
Exploits0References113
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.5 views

PT-2024-10415

Name of the Vulnerable Software and Affected Versions Jinja versions prior to 3.1.4 Description The issue is related to the xmlattr filter in Jinja, which accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as...

6.4CVSS6.1AI score0.00979EPSS
Exploits0References107
Rows per page
Query Builder