91 matches found
GHSA-H5C8-RQWP-CP95 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys as opposed to only values as user input, and renders these in pages that other user...
DEBIAN-CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
AZL-33320 CVE-2024-22195 affecting package python-jinja2 for versions less than 3.0.3-3
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
AZL-33349 CVE-2024-22195 affecting package nodejs18 for versions less than 18.20.3-3
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
AZL-35134 CVE-2024-22195 affecting package python-jinja2 for versions less than 3.1.2-2
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
ALPINE-CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
UBUNTU-CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
CVE-2024-22195 Jinja vulnerable to Cross-Site Scripting (XSS)
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
PT-2024-1412
Name of the Vulnerable Software and Affected Versions Jinja2 affected versions not specified Description Jinja is an extensible templating engine that allows writing code similar to Python syntax. The Jinja xmlattr filter can be abused to inject arbitrary HTML attribute keys and values, bypassing...
PT-2024-10415
Name of the Vulnerable Software and Affected Versions Jinja versions prior to 3.1.4 Description The issue is related to the xmlattr filter in Jinja, which accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as...