django_helpdesk is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to improper sanitization when rendering Markdown, which allows attackers to bypass the filters and inject arbitrary code into a victim’s web browser.
CPE | Name | Operator | Version |
---|---|---|---|
 | django-helpdesk | le | 0.3.1 |
github.com/django-helpdesk/django-helpdesk/commit/a22eb0673fe0b7784f99c6b5fd343b64a6700f06
github.com/django-helpdesk/django-helpdesk/commit/f73651f8f9808fe740b5bbbe589fb8dc5a14413d
github.com/django-helpdesk/django-helpdesk/pull/985
huntr.dev/bounties/be7f211d-4bfd-44fd-91e8-682329906fbd