Lucene search
Veracode Vulnerability DatabaseVERACODE:30889HistoryJun 09, 2021 - 2:36 a.m.
Cross-site Scripting (XSS)
2021-06-0902:36:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
40.2%
datasette is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user’s browser via the ?_trace=1 debugging feature.
References
datasette.io/plugins/datasette-auth-passwords
github.com/advisories/GHSA-xw7c-jx9m-xh5g
github.com/simonw/datasette/commit/26fc539312bca2551b6f048b6bcf4ffbb491289f
github.com/simonw/datasette/issues/1360
github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g
owasp.org/www-community/attacks/xss/#reflected-xss-attacks
pypi.org/project/datasette/
Related
prion
prion
Cross site scripting
2021-06-07 22:15:00
osv
osv
Reflected cross-site scripting issue in Datasette
2021-06-07 21:47:41
PYSEC-2021-89
2021-06-07 22:15:00
Reflected cross-site scripting issue in Datasette
2021-06-10 17:22:59
nvd
nvd
CVE-2021-32670
2021-06-07 22:15:07
cve
cve
CVE-2021-32670
2021-06-07 22:15:07
github
github
Reflected cross-site scripting issue in Datasette
2021-06-10 17:22:59
cvelist
cvelist
CVE-2021-32670 Reflected cross-site scripting issue in Datasette
2021-06-07 21:20:13