2 matches found
CVE-2023-38758
The CVE-2023-38758 entry concerns wger Workout Manager v2.2.0a3, with a Cross-Site Scripting flaw exploitable via the license_author field in the add-ingredient workflow (templates/ingredients/view.html, models/ingredients.py, views/ingredients.py). The underlying issue is a stored/ reflected XSS...
CVE-2023-38759
CVE-2023-38759 describes a Cross-Site Request Forgery (CSRF) vulnerability in the wger Project, Workout Manager version 2.2.0a3. The issue enables a remote attacker to gain privileges via the user-management features, affecting multiple components/files (e.g., gym.py, reset_user_password.html, ov...