PYSEC-2021-340

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/lin-cms/PYSEC-2021-340.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-340

Aliases

Published

2021-08-16T18:15:00Z

Modified

2025-10-09T07:29:19.117440Z

Summary

[none]

Details

Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'.

References

https://github.com/TaleLin/lin-cms-flask/issues/28

Affected packages

PyPI / lin-cms

Package

Name: lin-cms; View open source insights on deps.dev
Purl: pkg:pypi/lin-cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.1a1

0.1.1a2

0.1.1a3

0.1.1a4

0.1.1a5

0.1.1a6

0.1.1a7

0.1.1a8

0.1.1b1

0.1.1b2

0.1.1b3

0.1.1b4

0.2.0b1

0.2.0b2

0.2.0b3

0.3.0a2

0.3.0a3

0.3.0a4

0.3.0a5

0.3.0a6

0.3.0a7

0.3.0a8

0.3.0a9

0.3.0a10

0.3.1

0.4.0

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.8

0.4.9

0.4.10

0.4.11

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/lin-cms/PYSEC-2021-340.yaml"