Datasette is vulnerable to cross-site scripting (XSS). An attacker can inject and execute arbitrary JavaScript in a user’s browser via the `?_trace=1` debugging feature.
datasette.io/plugins/datasette-auth-passwords
github.com/advisories/GHSA-xw7c-jx9m-xh5g
github.com/simonw/datasette/commit/26fc539312bca2551b6f048b6bcf4ffbb491289f
github.com/simonw/datasette/issues/1360
github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g
owasp.org/www-community/attacks/xss/#reflected-xss-attacks
pypi.org/project/datasette/