PYSEC-2019-255

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tautulli/PYSEC-2019-255.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-255
Withdrawn
2024-11-22T04:37:05Z
Published
2019-02-19T16:29:00Z
Modified
2025-10-09T07:05:10.446348Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.

References

Affected packages

PyPI / tautulli

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
2.*
2.0.0
2.1.0.294
2.1.1.294
2.1.1.2103
3.*
3.0.0.2103
3.0.1.2103
3.0.2.2103
3.1.0.2103
3.1.1.2103
3.1.2.2103
3.1.3.2103
3.1.4.2120
3.2.0.2120
3.2.1.2120
3.3.0.2120
3.3.1.2120
3.4.0.2120
3.4.1.2120
3.5.0.2120
3.5.1.2120
3.5.2.2120
3.5.3.2120
3.6.0.2120
3.7.0.2120
4.*
4.0.2120
4.1.0.2140b0
4.2.0.2140b0
4.2.1.2140b0
4.2.2.2140b0
4.3.0.2140b0
4.3.1.2140
4.3.2.2140
4.3.3.2140
4.3.4.2140
4.4.0.2142
4.5.0.2142
4.5.1.2142
4.6.0.2142
4.6.1.2142
4.6.2.2142
4.6.3.2142
4.6.4.2142
4.6.5.2142
4.6.6.2142
4.6.7.2142

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/tautulli/PYSEC-2019-255.yaml"