Lucene search
Veracode Vulnerability DatabaseVERACODE:33152HistoryDec 02, 2021 - 8:01 a.m.
Cross-site Scripting (XSS)
2021-12-0208:01:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
56.6%
django_helpdesk is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to improper sanitization when rendering to Markdown allowing attackers to bypass the filters and inject arbitrary code to victim’s web browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| django-helpdesk | le | 0.3.1 | |
| django-helpdesk | le | 0.3.1 |
References
github.com/django-helpdesk/django-helpdesk/commit/a22eb0673fe0b7784f99c6b5fd343b64a6700f06
github.com/django-helpdesk/django-helpdesk/commit/f73651f8f9808fe740b5bbbe589fb8dc5a14413d
github.com/django-helpdesk/django-helpdesk/pull/985
huntr.dev/bounties/be7f211d-4bfd-44fd-91e8-682329906fbd
huntr.dev/bounties/be7f211d-4bfd-44fd-91e8-682329906fbd/
Related
huntr
huntr
Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk
2021-11-19 02:14:59
nvd
nvd
CVE-2021-3994
2021-12-01 11:15:08
github
github
django-helpdesk is vulnerable to Cross-site Scripting
2021-12-03 20:42:26
osv
osv
CVE-2021-3994
2021-12-01 11:15:08
PYSEC-2021-438
2021-12-01 11:15:00
django-helpdesk is vulnerable to Cross-site Scripting
2021-12-03 20:42:26
cvelist
cvelist
cve
cve
CVE-2021-3994
2021-12-01 11:15:08
prion
prion
Cross site scripting
2021-12-01 11:15:00